Last Modified: Feb 28, 2025
Affected Product(s):
BIG_IP_NEXT(VE/HW) TMOS
Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 16.1.5.2, 17.0.0, 17.0.0.1, 17.0.0.2, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.5.0
Opened: Sep 14, 2023 Severity: 3-Major
SSL handshake fails to complete and various errors show in the LTM logs 01010025:2: Device error: crypto codec Couldn't create an OpenSSL EC group object OpenSSL error:00000000:lib(0):func(0):reason(0) 01010282:3: Crypto codec error: sw_crypto-1 Couldn't initialize the elliptic curve parameters. 01010025:2: Device error: crypto codec No codec available to initialize request context.
SSL handshake fails and results in connection failure.
An SSL profile uses TLS1.3, and a TLS Client Hello attempts to use FFDHE as part of the key share extension.
Set the SSL profile to disallow using FFDHE groups.
None