Last Modified: Oct 01, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
17.0.0, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5.1, 14.1.4.5, 14.1.4.4, 14.1.4.3, 14.1.4.2, 14.1.4.1
Opened: Mar 11, 2022
Severity: 3-Major
When a client attempts to resume the TLS session using the Session-ID in its Client Hello from a previous session, the BIG-IP agrees by using the same Session-ID in its Server Hello, but then proceeds to perform a full handshake (Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done) instead of an abbreviated handshake (Server Hello, Change Cipher Spec, Server Hello Done). This is a violation of the TLS RFC.
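The mismatch described above can be checked from a packet capture. The following is an added example, not F5 code: it assumes a TLS 1.2 or earlier capture (handshake in cleartext), and all function names and the sample bytes are hypothetical and constructed, with hello bodies cut off after the Session-ID field.

```python
import struct

HANDSHAKE = 22                                        # TLS record content type
CLIENT_HELLO, SERVER_HELLO, CERTIFICATE = 1, 2, 11    # handshake message types

def handshake_messages(stream: bytes):
    """Return [(msg_type, body)] for the cleartext handshake messages in a record stream."""
    buf, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack("!BHH", stream[pos:pos + 5])
        if ctype != HANDSHAKE:        # e.g. ChangeCipherSpec: later records are encrypted
            break
        buf += stream[pos + 5:pos + 5 + length]
        pos += 5 + length
    msgs, i = [], 0
    while i + 4 <= len(buf):          # handshake header: type(1) + length(3)
        mlen = int.from_bytes(buf[i + 1:i + 4], "big")
        msgs.append((buf[i], buf[i + 4:i + 4 + mlen]))
        i += 4 + mlen
    return msgs

def session_id(hello_body: bytes) -> bytes:
    # ClientHello and ServerHello both begin: version(2) random(32) sid_len(1) sid
    return hello_body[35:35 + hello_body[34]]

def classify(client_flight: bytes, server_flight: bytes) -> str:
    offered = session_id(dict(handshake_messages(client_flight))[CLIENT_HELLO])
    server = handshake_messages(server_flight)
    echoed = session_id(dict(server)[SERVER_HELLO])
    if not offered or echoed != offered:
        return "full handshake (no resumption agreed)"
    if any(mtype == CERTIFICATE for mtype, _ in server):
        return "MISMATCH: Session-ID echoed but full handshake sent"
    return "abbreviated handshake (resumed)"

# Constructed sample flights (not taken from a real capture).
def _record(ctype, payload): return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload
def _hs(mtype, body): return bytes([mtype]) + len(body).to_bytes(3, "big") + body
def _hello(sid): return b"\x03\x03" + bytes(32) + bytes([len(sid)]) + sid

SID = bytes(range(32))
CLIENT = _record(22, _hs(1, _hello(SID)))
BUGGY_SERVER = _record(22, _hs(2, _hello(SID)) + _hs(11, b"\x00\x00\x00") + _hs(14, b""))
RESUMED_SERVER = _record(22, _hs(2, _hello(SID))) + _record(20, b"\x01") + _record(22, b"\x00" * 40)
FRESH_SERVER = _record(22, _hs(2, _hello(b"\xaa" * 32)) + _hs(11, b"\x00\x00\x00") + _hs(14, b""))

if __name__ == "__main__":
    for name in ("BUGGY_SERVER", "RESUMED_SERVER", "FRESH_SERVER"):
        print(name, "->", classify(CLIENT, globals()[name]))
```

Feed it the reassembled client and server byte streams of one connection; only the first case matches the behaviour this bug describes.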
Client-side TLS session resumption not working.
- High availability (HA) pair of two BIG-IP units.
- LTM virtual server with a client-ssl profile.
- Mirroring enabled on the virtual server.
Disable mirroring on the virtual server
None