Bug ID 2064505: TLS 1.2 handshake failure with cipher rule configured using hybrid KEM algorithms first

Last Modified: Nov 05, 2025

Affected Product(s):
BIG-IP LTM(all modules)

Fixed In:
21.0.0

Opened: Sep 22, 2025

Severity: 3-Major

Symptoms

When a TLS 1.2 connection is initiated to an HTTPS virtual server that uses a cipher rule whose dh-groups list hybrid KEM algorithms first, the TLS handshake fails.

Impact

TLS 1.2 key exchange fails, so TLS 1.2 clients cannot connect to the virtual server, when hybrid KEM algorithms are listed before their classic DH-group algorithms in the cipher rule's dh-groups.

Conditions

The cipher rule's dh-groups list hybrid KEM algorithms before their related classic DH-group algorithms. The issue does not occur if the classic DH-group algorithms precede the hybrid KEM algorithms.

Fails:
ltm cipher rule group1 { cipher rule1 dh-groups X25519MLKEM768:X25519 }

Works:
ltm cipher rule group1 { cipher rule1 dh-groups X25519:X25519MLKEM768 }

Workaround

Order the dh-groups so that each classic DH-group algorithm precedes its hybrid KEM algorithm, for example:

ltm cipher rule group1 { cipher rule1 dh-groups X25519:X25519MLKEM768 }
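The Conditions and Workaround above reduce to one check on the dh-groups string: does any hybrid KEM entry appear before the classic group it is built on? The script below is an added example, not F5 code or part of this bug record. It audits tmsh-style dh-groups strings for that ordering and produces the reordered string the workaround calls for, moving only the classic partner in front of its hybrid and leaving the rest of the list untouched. It assumes hybrid names have the form <classic>MLKEM<size> (X25519MLKEM768, SECP256R1MLKEM768), and the ALIASES table (SECP256R1 to P256 and so on) is an assumption about how a deployment might spell NIST curves; adjust it to your own naming. The page does not say what happens when the classic partner is absent from the list altogether, so that case is reported separately and not rewritten. As a practical caveat, hybrid KEM groups are defined for TLS 1.3 only, so TLS 1.2 clients never select them; the failure is purely a consequence of the rule's ordering, which is why reordering is a safe fix.

```python
"""Audit BIG-IP cipher-rule dh-groups ordering for Bug ID 2064505.

Added example, not F5 code. Flags hybrid KEM groups listed before their
classic partner (the failing ordering) and rewrites the list so the classic
group precedes the hybrid (the workaround).
"""
import re
from typing import Optional

# Assumption: hybrid group names are <classic>MLKEM<size>, e.g. X25519MLKEM768
# or SECP256R1MLKEM768, so the classic partner is the prefix before "MLKEM".
HYBRID_RE = re.compile(r"^(?P<classic>[A-Za-z0-9]+?)MLKEM\d+$", re.IGNORECASE)

# Assumption: a deployment may spell NIST curves P256/P384/P521 while the
# hybrid name embeds SECP256R1 etc. Extend to match your configuration.
ALIASES = {"SECP256R1": "P256", "SECP384R1": "P384", "SECP521R1": "P521"}


def split_groups(dh_groups: str) -> list:
    """Split a tmsh dh-groups string ("A:B:C") into entries, dropping blanks."""
    return [g.strip() for g in dh_groups.split(":") if g.strip()]


def classic_partner(group: str, groups: list) -> Optional[str]:
    """Return the configured classic partner of a hybrid entry (matched
    case-insensitively, via ALIASES if needed). None if `group` is not a
    hybrid or its partner is not configured at all."""
    m = HYBRID_RE.match(group)
    if not m:
        return None
    prefix = m.group("classic").upper()
    upper = [g.upper() for g in groups]
    for cand in (prefix, ALIASES.get(prefix, prefix)):
        if cand in upper:
            return groups[upper.index(cand)]
    return None


def find_misordered(dh_groups: str) -> list:
    """(hybrid, classic) pairs where the hybrid precedes its classic partner,
    i.e. the ordering the bug record reports as failing TLS 1.2 handshakes."""
    groups = split_groups(dh_groups)
    bad = []
    for i, g in enumerate(groups):
        partner = classic_partner(g, groups)
        if partner is not None and groups.index(partner) > i:
            bad.append((g, partner))
    return bad


def unpaired_hybrids(dh_groups: str) -> list:
    """Hybrid entries whose classic partner is not configured at all; the bug
    record does not cover this case, so it is reported, not rewritten."""
    groups = split_groups(dh_groups)
    return [g for g in groups
            if HYBRID_RE.match(g) and classic_partner(g, groups) is None]


def reorder(dh_groups: str) -> str:
    """Apply the workaround: hoist each classic partner directly in front of
    its hybrid, keeping every other entry in place. Unchanged input when
    nothing is misordered."""
    groups = split_groups(dh_groups)
    misordered = dict(find_misordered(dh_groups))
    hoisted = set(misordered.values())
    out = []
    for g in groups:
        if g in hoisted and g in out:
            continue  # already emitted ahead of its hybrid; drop the old slot
        partner = misordered.get(g)
        if partner and partner not in out:
            out.append(partner)
        out.append(g)
    return ":".join(out)


if __name__ == "__main__":
    for cfg in ("X25519MLKEM768:X25519", "X25519:X25519MLKEM768"):
        print(cfg, "->", find_misordered(cfg) or "ok", "->", reorder(cfg))
```

Run it against the dh-groups value of each cipher rule in `tmsh list ltm cipher rule` before upgrading to a fixed release; any non-empty result from find_misordered is a rule that will break TLS 1.2 clients.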

Fix Information

Hybrid PQC KEM and classic DH-group algorithms can now coexist in any order within a cipher rule's dh-groups without TLS 1.2 handshake failures.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips