Bug ID 946481: Virtual Edition FIPS not compatible with TLS 1.3

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5

Fixed In:
16.1.0, 15.1.5.1, 14.1.4.6

Opened: Sep 17, 2020

Severity: 2-Critical

Symptoms

A TLS 1.3 handshake failure occurs when using openssl's AES-GCM cipher in FIPS mode.

Impact

Handshake failure for TLS 1.3

Conditions

FIPS mode and attempting TLS 1.3 with cipher AES-GCM

Workaround

Disable FIPS mode, or alternately use non AES-GCM cipher for TLS 1.3.

Fix Information

TLS 1.3 AES-GCM in FIPS mode now works correctly.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips