Last Modified: Sep 23, 2021
See more info
Known Affected Versions:
15.1.0, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 15.1.1, 15.1.2, 126.96.36.199, 15.1.3, 188.8.131.52, 15.1.4, 16.0.0, 184.108.40.206, 16.0.1, 220.127.116.11, 18.104.22.168, 16.1.0
Opened: Jul 27, 2021
Under some conditions, the BIG-IP's TLS 1.3 Client Hello sometimes does not have the pre-shared key extension as the last extension in the Client Hello. This is contrary to a requirement in the TLS 1.3 RFC, and causes servers to fail the connection. A backend server may log a message such as: SSL_do_handshake() failed (SSL: error:141B306E:SSL routines:tls_collect_extensions:bad extension)
The TLS handshake fails.
-- Server SSL profile (BIG-IP operating as client) with TLS 1.3 enabled. -- A Client Hello message size that falls between 256 and 512 bytes (without padding), which causes the BIG-IP to introduce a padding extension at the end of the Client Hello. This issue can be seen via use of the "single-dh-use" or "session-tickets" options in the SSL profile.
Adjust the configuration of the Server SSL profile by either: -- Disable Session Tickets or -- Disable the single-dh-use option