Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1
Fixed In:
11.5.0, 11.4.1 HF9
Opened: May 18, 2013
Severity: 3-Major
Related Article:
K15463
Client-initiated renegotiation for Server SSL profile does not work with DTLS when it connects to another BIG-IP Client SSL.
Attempts to renegotiate Datagram Transport Layer Security (DTLS) connections between BIG-IP systems might fail.
This issue occurs when the following condition is met:

A BIG-IP system configured with a Server SSL profile attempts to renegotiate a DTLS connection with a BIG-IP system configured with a Client SSL profile, as follows:

BIG-IP (Server SSL)               BIG-IP (Client SSL)
        |                                 |
        |----ClientHello (no cookie)----->|
        |<---HelloVerifyRequest(cookie)---|
        |-----ClientHello(with cookie)--->|
        |                                 |
Do not directly connect two BIG-IP systems by DTLS.
Client-initiated renegotiation for Server SSL profile now works with DTLS when it connects to another BIG-IP Client SSL.
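
The three messages in the diagram above are the DTLS hello-verify exchange, which RFC 6347 (section 4.2.1) defines as a stateless cookie check. The Python below is an added example of that general mechanism, not F5 code and not a reproduction of this defect; the function names, the secret and the sample ClientHello values are constructed for illustration.

```python
import hashlib
import hmac
import os


def _lp(field: bytes) -> bytes:
    """Length-prefix a field so concatenated fields cannot be confused."""
    return len(field).to_bytes(2, "big") + field


def make_cookie(secret: bytes, client_addr: tuple, hello: dict) -> bytes:
    """Cookie = HMAC(Secret, Client-IP, Client-Parameters), RFC 6347 section 4.2.1."""
    ip, port = client_addr
    fields = [ip.encode(), str(port).encode(), hello["version"],
              hello["random"], hello["session_id"], b"".join(hello["cipher_suites"])]
    return hmac.new(secret, b"".join(_lp(f) for f in fields), hashlib.sha256).digest()


def server_handle_client_hello(secret: bytes, client_addr: tuple, hello: dict) -> tuple:
    """Answer a ClientHello without storing any per-client state."""
    expected = make_cookie(secret, client_addr, hello)
    if hello["cookie"] and hmac.compare_digest(hello["cookie"], expected):
        return ("ServerHello", None)          # cookie verified, handshake continues
    return ("HelloVerifyRequest", expected)   # no or bad cookie: challenge the sender


def new_client_hello() -> dict:
    """Constructed ClientHello fields (sample values, not captured traffic)."""
    return {"version": b"\xfe\xff",           # DTLS 1.0 on the wire
            "random": os.urandom(32), "session_id": b"",
            "cipher_suites": [b"\x00\x2f"],   # TLS_RSA_WITH_AES_128_CBC_SHA
            "cookie": b""}


def run_exchange(secret: bytes, client_addr: tuple) -> list:
    """Replay the exchange from the diagram and return the messages in order."""
    hello = new_client_hello()
    trace = ["ClientHello (no cookie)"]
    reply, cookie = server_handle_client_hello(secret, client_addr, hello)
    trace.append(reply)
    hello["cookie"] = cookie                  # same parameters, cookie echoed back
    trace.append("ClientHello (with cookie)")
    reply, _ = server_handle_client_hello(secret, client_addr, hello)
    trace.append(reply)
    return trace


if __name__ == "__main__":
    print(run_exchange(os.urandom(32), ("192.0.2.10", 4433)))
```

The second ClientHello is accepted only when it arrives from the same address with the same parameters as the first, so a peer that changes either between the two messages is challenged again.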