Last Modified: Jan 26, 2026
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6, 15.1.10.7, 15.1.10.8, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 16.1.5.2, 16.1.6, 16.1.6.1
Opened: Oct 08, 2021 Severity: 2-Critical
On small virtual machines (e.g. 2 cores, 4GB RAM) when OpenSSL-1.1.1 client connects to a BIG-IP device running TLS 1.3, and containing an iRule, the handshake fails.
The handshake is terminated.
1. Small virtual machine (e.g. one with 2 cores and 4GB RAM). 2. TLS 1.3 is enabled on the BIG-IP device. 3. An iRule is specified for client-side SSL.
Disable TLS 1.3 on the BIG-IP device only if an alternative protocol is available.
None