Bug ID 1952657: In FIPS-CC mode ECC Certificates with explicitly defined EC parameters are accepted

Last Modified: Oct 09, 2025

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
17.5.0, 17.5.1

Fixed In:
17.5.1.2

Opened: May 20, 2025

Severity: 3-Major

Symptoms

BIG-IP accepts certificates with explicit EC parameters on import, and handshakes using them succeed.

Impact

BIG-IP improperly imports certificates with explicitly-defined EC params when running in Common Criteria mode.

Conditions

1. BIG-IP is in CC (Common Criteria) mode.
2. BIG-IP has ECC certificates as a server, and/or clients/servers interacting with BIG-IP send ECC certificates with explicit EC parameters.

Workaround

None

Fix Information

BIG-IP now rejects certificates with explicitly defined EC parameters on import.
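
Added example (not F5 code and not part of the original bug report): a Python check that classifies how a DER certificate's subjectPublicKeyInfo encodes its EC parameters, so certificates with explicit parameters can be identified before import. All function names and the skeleton test certificates are constructed for illustration.

```python
EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")   # OID 1.2.840.10045.2.1 (id-ecPublicKey)
PRIME256V1 = bytes.fromhex("2a8648ce3d030107")    # OID 1.2.840.10045.3.1.7
KINDS = {0x06: "named", 0x30: "explicit", 0x05: "implicit"}  # ECParameters CHOICE by tag

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def children(buf, start, end):
    """Elements directly inside buf[start:end] as (tag, start, end) triples."""
    out = []
    while start < end:
        tag, s, e = read_tlv(buf, start)
        out.append((tag, s, e))
        start = e
    return out

def ec_param_encoding(cert):
    """Classify the EC parameters of a DER certificate's public key."""
    _, s, e = read_tlv(cert, 0)                         # Certificate
    _, s, e = children(cert, s, e)[0]                   # tbsCertificate
    fields = children(cert, s, e)
    if fields[0][0] == 0xA0:                            # optional [0] version
        fields = fields[1:]
    _, s, e = fields[5]                                 # subjectPublicKeyInfo
    _, s, e = children(cert, s, e)[0]                   # AlgorithmIdentifier
    alg = children(cert, s, e)
    if cert[alg[0][1]:alg[0][2]] != EC_PUBLIC_KEY:
        return "not-ec"
    return KINDS.get(alg[1][0], "unknown") if len(alg) > 1 else "absent"

def tlv(tag, body):
    """Encode one short-form DER element (constructed test data only)."""
    return bytes([tag, len(body)]) + body

def skeleton_cert(params):
    """Constructed certificate skeleton: structure only, not a valid certificate."""
    spki = tlv(0x30, tlv(0x30, tlv(6, EC_PUBLIC_KEY) + params) + tlv(3, b"\x00\x04"))
    empty = tlv(0x30, b"")                  # stands in for sigAlg, issuer, validity, subject
    tbs = tlv(0x30, tlv(0xA0, tlv(2, b"\x02")) + tlv(2, b"\x01") + empty * 4 + spki)
    return tlv(0x30, tbs)

NAMED = skeleton_cert(tlv(6, PRIME256V1))
EXPLICIT = skeleton_cert(tlv(0x30, tlv(2, b"\x01")))    # SEQUENCE where an OID belongs
```

For a PEM file, convert to DER first (for example with ssl.PEM_cert_to_DER_cert) and treat any result other than "named" as a certificate to replace.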

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips