Bug ID 452246: The correct cipher may not be chosen on session resumption.

Last Modified: May 14, 2019

Affected Product: BIG-IP LTM (all modules)

Known Affected Versions:
11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2

Fixed In:
11.6.0, 11.5.4, 11.4.1 HF9

Opened: Mar 13, 2014
Severity: 3-Major
Related AskF5 Article:
K17075

Symptoms

During session resumption, the same cipher suite must be used as in the original session. If the original session negotiates cipher A, and the resuming ClientHello contains ciphers A and B, the BIG-IP system might choose cipher B, which is incorrect.

Impact

Not strictly RFC compliant.

Conditions

The original ClientHello contains a different cipher list from the resuming one, and the resuming one contains a stronger cipher than was originally chosen.

Workaround

This issue has no workaround.

Fix Information

When the original ClientHello and the resuming ClientHello contain different cipher lists: if the originally negotiated cipher is present in the resuming ClientHello, it is chosen and the session is resumed; otherwise a full handshake is performed.
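The following is an added illustration, not F5 code and not taken from the bug record: a toy model of the session cache and cipher selection that contrasts the behaviour described under Symptoms (the resumed session re-selects a cipher from the resuming ClientHello, so a stronger offered cipher B replaces the original cipher A) with the fixed behaviour described above (resume only with the original cipher if it is still offered, otherwise fall back to a full handshake). The cipher suite names, the server preference order and the integer session IDs are constructed placeholders.

```python
"""Toy model of cipher suite selection on TLS session resumption.

Constructed example: the cipher names, preference order and session IDs are
placeholders, not BIG-IP configuration. The rule modelled is the one in the
fix description: a resumed session must reuse the originally negotiated
cipher suite; if the client no longer offers it, do a full handshake.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed server preference list, strongest first.
SERVER_PREFERENCE: List[str] = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]


@dataclass(frozen=True)
class HandshakeResult:
    session_id: int
    resumed: bool
    cipher: str


class SessionCache:
    """Maps a session ID to the cipher suite negotiated in its original handshake."""

    def __init__(self) -> None:
        self._by_id: Dict[int, str] = {}
        self._next_id = 1

    def lookup(self, session_id: Optional[int]) -> Optional[str]:
        return None if session_id is None else self._by_id.get(session_id)

    def store(self, cipher: str) -> int:
        sid = self._next_id
        self._next_id += 1
        self._by_id[sid] = cipher
        return sid


def choose_by_preference(offered: List[str]) -> str:
    """Server-preference selection, as used by a full handshake."""
    for cipher in SERVER_PREFERENCE:
        if cipher in offered:
            return cipher
    raise ValueError("no cipher suite in common")


def full_handshake(cache: SessionCache, offered: List[str]) -> HandshakeResult:
    cipher = choose_by_preference(offered)
    return HandshakeResult(cache.store(cipher), False, cipher)


def select_buggy(cache: SessionCache, session_id: Optional[int],
                 offered: List[str]) -> HandshakeResult:
    """Behaviour described under Symptoms: the session is resumed, but the
    cipher is re-selected from the resuming ClientHello by server preference,
    so a stronger offered cipher B can replace the original cipher A."""
    if cache.lookup(session_id) is None:
        return full_handshake(cache, offered)
    return HandshakeResult(session_id, True, choose_by_preference(offered))


def select_fixed(cache: SessionCache, session_id: Optional[int],
                 offered: List[str]) -> HandshakeResult:
    """Fixed behaviour: resume only with the original cipher when the client
    still offers it; otherwise fall back to a full handshake, which issues a
    new session ID."""
    original = cache.lookup(session_id)
    if original is not None and original in offered:
        return HandshakeResult(session_id, True, original)
    return full_handshake(cache, offered)


Selector = Callable[[SessionCache, Optional[int], List[str]], HandshakeResult]


def scenario(select: Selector) -> Tuple[HandshakeResult, HandshakeResult, HandshakeResult]:
    """Original hello offers only A; the resuming hello offers A and a
    stronger B; a third hello offers only B (original cipher withdrawn)."""
    cache = SessionCache()
    a = "TLS_RSA_WITH_AES_128_CBC_SHA"
    b = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
    first = select(cache, None, [a])
    second = select(cache, first.session_id, [b, a])
    third = select(cache, first.session_id, [b])
    return first, second, third


if __name__ == "__main__":
    for name, fn in (("buggy", select_buggy), ("fixed", select_fixed)):
        for step in scenario(fn):
            print(name, step)
```

Running the module prints both scenarios side by side: with `select_buggy` the second handshake reports `resumed=True` but with cipher B, the mismatch the bug describes; with `select_fixed` it resumes with cipher A, and the third handshake, where A is no longer offered, is a full handshake with a fresh session ID.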

Behavior Change