Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8
Fixed In:
14.0.0, 13.1.1, 12.1.3.5
Opened: Nov 15, 2017 Severity: 3-Major
SSO-enabled Native RDP resources cannot be accessed via hardware (HW) BIG-IP systems with 'Intel Cave Creek' coprocessor (i.e., SSL connection cannot be established with the db variable 'crypto.hwacceleration' enabled, and RSA key used).
-- SSL connection fails. -- RDP client cannot launch the requested resource (desktop/application).
The failure might occur in the following scenario: -- Running on Intel Cave Creek Engine (e.g., BIG-IP 2000 (C112) or 4000 (C113)). -- Client OS is Mac, iOS, or Android. -- HW crypto is enabled -- Using a virtual server with a client SSL profile and 2048 bit RSA key on. -- Native RDP resource with enabled SSO is used on hardware BIG-IP with 'Intel Cave Creek' coprocessor. -- Output buffer size differs from RSA private key size.
There is no workaround other than to disable crypto HW acceleration with following command: tmsh modify sys db crypto.hwacceleration value disable
SSL connection can now be established as expected. SSO-enabled Native RDP resources now can now be accessed via hardware BIG-IP systems with 'Intel Cave Creek' coprocessor (e.g., BIG-IP 2000 (C112) or 4000 (C113) platforms) from Mac, iOS, and Android clients.