Last Modified: Sep 01, 2025
Affected Product(s):
BIG-IP All
Known Affected Versions:
17.5.0, 17.5.1
Opened: May 14, 2025
Severity: 3-Major
In TLS, the psk_key_exchange_modes extension in the ClientHello specifies the key exchange modes the client supports for resuming sessions with pre-shared keys (PSK). Per Common Criteria guidelines, if the ClientHello contains only the psk_ke mode in the "psk_key_exchange_modes" extension, then the TLS handshake either (1) implicitly rejects the session ticket by performing a full handshake, or (2) is terminated to prevent the flow of application data.
The TLS handshake will be successful with this configuration.
In the ClientHello, only the psk_ke mode should be present in the "psk_key_exchange_modes" extension. The ClientHello should also contain the "pre_shared_key" extension.
None
None
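The condition described above can be checked against a captured ClientHello. The following Python is an added example, not F5 code: the function names and the sample ClientHello bytes are constructed for illustration, and the extension and mode numbers are those of RFC 8446 (TLS 1.3).

```python
import struct

PRE_SHARED_KEY = 41            # RFC 8446 extension type
PSK_KEY_EXCHANGE_MODES = 45    # RFC 8446 extension type
PSK_KE, PSK_DHE_KE = 0, 1      # PskKeyExchangeMode values

def client_hello_extensions(body: bytes) -> dict:
    """Map extension type -> data for a ClientHello body (after the 4-byte handshake header)."""
    pos = 2 + 32                                        # legacy_version, random
    pos += 1 + body[pos]                                # legacy_session_id
    pos += 2 + struct.unpack_from("!H", body, pos)[0]   # cipher_suites
    pos += 1 + body[pos]                                # legacy_compression_methods
    (total,) = struct.unpack_from("!H", body, pos)
    pos, end = pos + 2, pos + 2 + total
    if end > len(body):
        raise ValueError("truncated extensions block")
    exts = {}
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4
        if pos + ext_len > end:
            raise ValueError("extension overruns extensions block")
        exts[ext_type] = body[pos:pos + ext_len]
        pos += ext_len
    return exts

def offers_psk_ke_only(body: bytes) -> bool:
    """True when pre_shared_key is present and psk_ke is the only mode offered."""
    exts = client_hello_extensions(body)
    modes = exts.get(PSK_KEY_EXCHANGE_MODES)
    if modes is None or PRE_SHARED_KEY not in exts:
        return False
    if not modes or modes[0] != len(modes) - 1:         # ke_modes<1..255> length prefix
        raise ValueError("malformed psk_key_exchange_modes")
    return set(modes[1:]) == {PSK_KE}

def build_hello(modes: bytes, with_psk: bool = True) -> bytes:
    """Constructed sample ClientHello body; the pre_shared_key payload is a placeholder."""
    def ext(ext_type: int, data: bytes) -> bytes:
        return struct.pack("!HH", ext_type, len(data)) + data
    exts = ext(PSK_KEY_EXCHANGE_MODES, bytes([len(modes)]) + modes)
    if with_psk:
        exts += ext(PRE_SHARED_KEY, bytes(8))           # pre_shared_key is the last extension
    return (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01"
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
```

A ClientHello for which `offers_psk_ke_only` returns True is one that, per the description above, should lead to either a full handshake or a terminated handshake rather than a PSK resumption.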