Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
14.1.4.2, 14.1.4.1, 14.1.4
Fixed In:
14.1.4.3
Opened: Mar 30, 2021 Severity: 2-Critical
The BIG-IP system resets an HTTPS connection. SSL handshake failure logs appear in /var/log/ltm: warning tmm1[2555]: 01260013:4: SSL Handshake failed for TCP 10.0.0.l0:443 -> 10.0.0.20:60716 In the server-side packet trace, there is no Client Key Exchange message in response to the Server Hello Done message. The connection then is reset 10 seconds after the Server Hello Done message.
Clients cannot connect to the HTTPS pool members.
-- OCSP is configured for the server SSL profile. -- The OCSP responder cannot determine the intermediate CA cert status.
For each affected host, add the certificate of the issuer of the server certificate to the CA bundle specified in the Trusted CA field of the server SSL profile.
None