Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5
Fixed In:
14.0.0, 13.1.0.6
Opened: Jan 09, 2018 Severity: 3-Major Related Article:
K36563645
SSL handshake fails if the BIG-IP system is operating in ProxySSL mode, while client and server negotiate to use the Extended Master Secret and OCSP features together.
ProxySSL does not work properly with Extended Master Secret and OCSP simultaneously.
1. Virtual server is configured to work in ProxySSL mode. 2. Client and server negotiate the SSL handshake with the Extended Master Secret. 3. Client and Server negotiate to use the OCSP.
None.
Included the certificate status message in the calculation of Extended Master Secret.