Last Modified: Feb 07, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2
Fixed In:
17.0.0, 16.1.3, 15.1.5.1, 14.1.4.6
Opened: Jan 26, 2021 Severity: 3-Major
SSL handshakes fail, and TLS clients send 'Bad Record MAC' errors.
-- A handshake failure occurs. -- Client certificate authentication may pass without checking its validity via OCSP.
-- LTM authentication profile using OCSP and TLS1.3. -- Client application data arrives during LTM client authentication iRule.
Use TLS1.2 or use TLS1.3 without the LTM authentication profile.
Handshake completes if using TLS1.3 with client authentication and LTM auth profile.