Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
10.2.4, 11.0.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.5.1 HF1, 11.6.1 HF1, 11.5.1 HF2, 11.6.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.6.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1
Fixed In:
11.6.0, 11.5.2, 11.4.1 HF9
Opened: Mar 28, 2014 Severity: 3-Major Related Article:
K32147936
When padding is used (from TLS1.0 forward), all bytes must be set the the length of the padding or the handshake should fail.
Handshake succeeds where it should fail.
TLS 1.0 or greater handshake with padding.
None.
The padding values used in the TLS 1.0 or greater handshake are now validated, and invalid values cause an alert to be sent.