Bug ID 467507

Bug Tracker
ID 467507

Bug ID 467507: Use decrypted CCS flag instead of CCS flag.

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP None(all modules)

Known Affected Versions:
10.2.4, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4

Fixed In:
11.6.0, 11.5.1 HF5, 11.4.1 HF9, 11.3.0 HF9, 11.2.1 HF15

Opened: Jun 16, 2014

Severity: 2-Critical

Symptoms

In renegotiation, sp->rxccs is set when encrypted CCS is received. Decrypted Client Key Exchange message could be received after encrypted CCS message is received. So BIGIP should use decrypted CCS flag instead of encrypted CCS flag.

Impact

SSL handshake fails.

Conditions

Decrypted Client Key Exchange message could be received after encrypted CCS message is received.

Workaround

None

Fix Information

Use decrypted CCS flag instead of CCS flag. In renegotiation, sp->rxccs is set when encrypted CCS is received. Decrypted Client Key Exchange message could be received after encrypted CCS message is received. So BIGIP should use decrypted CCS flag instead of encrypted CCS flag.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips