Bug ID 1344925: TLS1.3 does not fall back to full handshake when Client Hello is missing the pre_shared_key

Last Modified: Jun 13, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:, 15.1.9,, 15.1.10,,,,,, 17.1.1,,,

Opened: Aug 30, 2023

Severity: 3-Major


BIG-IP sends out a TLS Fatal Error (Handshake Failure) when TLS1.3 Client Hello is missing the 'pre_shared_key' extension when TLS session resumption is expected.


BIG-IP resets the connection with TLS Fatal Alert (Handshake Failure) instead of falling back to full TLS handshake.


-- TLS1.3 Session resumption -- Client Hello is missing the 'pre_shared_key' extension (but has a valid 'key_share')


Don't use TLS1.3 and session resumption.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips