Bug ID 727136: One dataset contains large number of variations of TLS hello messages on Chrome

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP AFM, ASM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1

Fixed In:
15.0.0, 14.1.0.2

Opened: Jul 08, 2018

Severity: 3-Major

Symptoms

Dataset of TLS fingerprints of clients of a site can consume significantly more space than needed.

Impact

Dataset is full, so it does not contain a full TLS fingerprints set. As result there is a risk of creating false-positive TLS signatures.

Conditions

-- BADOS with TLS signatures. -- AFM end user clients using the Mozilla Chrome browser.

Workaround

Turn off TLS signatures.

Fix Information

Dataset of TLS fingerprints contains unique TLC fingerprints regardless GREASE ciphers.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips