Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP All
Known Affected Versions:
11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3
Fixed In:
15.0.0
Opened: May 29, 2014
Severity: 4-Minor
Related Article:
K31793632
tcpdump does not have the functionality to help analyze encrypted-data issues, such as problems during encrypted TLS 1.3 handshakes or with the encrypted SSL/TLS payload for TLS 1.3, TLS 1.2, and earlier.
There is no ability to debug and analyze the encrypted handshake and encrypted data of SSL/TLS connections.
This occurs when there is a need to look at the encrypted traffic in an SSL/TLS connection, or when there is a need to debug the encrypted handshake of TLS 1.3.
You can use the OpenSSL keylogfile option to gather the same information needed to decrypt. This has to be done separately from the tcpdump capture.
This release provides a '--f5 ssl' option which, along with setting the db variable 'tcpdump.sslprovider' to 'enable', supports capturing the information needed to decrypt the encrypted handshake and data.
tcpdump has a new option: '--f5 ssl'. When the db variable 'tcpdump.sslprovider' is set to 'enable', the tcpdump operation captures the information needed to decrypt the encrypted handshake and data.