Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.0.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.5.1 HF1, 11.6.1 HF1, 11.5.1 HF2, 11.6.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.6.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3
Fixed In:
11.6.0, 11.5.4, 11.4.1 HF9
Opened: Mar 13, 2014 Severity: 3-Major Related Article:
K17075
During session resumption, the same cipher must be used as was during the original session. If the original session negotiates cipher A, and the resumed clienthello contains cipher A and B, the BIG-IP system might choose cipher B, which is incorrect.
Not strictly RFC compliant.
The original ClientHello contains a different cipher list from the resuming one, and the resuming one contains a stronger cipher than was originally chosen.
This issue has no workaround.
When the original ClientHello and resuming ClientHello contain different ciphers, if the original cipher is in the resuming ClientHello it will be chosen and the session resumed, otherwise a full handshake will be used.