Bug ID 1596637: TLS1.3 with c3d and ocsp handshake failure

Last Modified: May 17, 2025

Affected Product(s):
BIG-IP LTM(all modules)

Fixed In:
17.1.2

Opened: Jun 14, 2024

Severity: 3-Major

Symptoms

SSL handshakes fail, and TLS clients send 'Bad Record MAC' errors.

Impact

-- A handshake failure occurs.

Conditions

-- TLS1.3 connection configured with c3d and ocsp.

Workaround

Disable ocsp or use TLS1.2.

Fix Information

Handshake completes if using TLS1.3 with c3d and ocsp.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips