Bug ID 467507: Use decrypted CCS flag instead of CCS flag.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP None(all modules)

Known Affected Versions:
10.2.4, 11.6.2 HF1, 11.2.1, 11.3.0, 11.4.0, 11.4.1

Fixed In:
11.6.0, 11.5.1 HF5, 11.4.1 HF9, 11.3.0 HF9, 11.2.1 HF15

Opened: Jun 16, 2014

Severity: 2-Critical

Symptoms

In renegotiation, sp->rxccs is set when an encrypted CCS (ChangeCipherSpec) message is received. A decrypted Client Key Exchange message could be received after the encrypted CCS message is received, so BIG-IP should use the decrypted CCS flag instead of the encrypted CCS flag.

Impact

SSL handshake fails.

Conditions

A decrypted Client Key Exchange message could be received after the encrypted CCS message is received.

Workaround

None

Fix Information

Use the decrypted CCS flag instead of the CCS flag. In renegotiation, sp->rxccs is set when an encrypted CCS message is received. A decrypted Client Key Exchange message could be received after the encrypted CCS message is received, so BIG-IP should use the decrypted CCS flag instead of the encrypted CCS flag.
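
The ordering problem described above, as a simplified model added here for illustration (not F5 code). Only the field name rxccs comes from the bug text; rxccs_dec, the function names, and the assumption that all records of the flight arrive before any decrypted message is delivered are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum msg { MSG_CKE, MSG_CCS, MSG_FINISHED };

struct ssl_state {
    bool rxccs;     /* set when the encrypted CCS record arrives (name from the bug text) */
    bool rxccs_dec; /* hypothetical: set when the decrypted CCS is processed */
};

/* Record arrival path: runs before decryption of the record has completed. */
static void on_record_arrival(struct ssl_state *sp, enum msg m) {
    if (m == MSG_CCS)
        sp->rxccs = true;
}

/* Handshake path: runs on each decrypted message, in order. */
static bool on_decrypted(struct ssl_state *sp, enum msg m, bool use_dec_flag) {
    bool ccs_seen = use_dec_flag ? sp->rxccs_dec : sp->rxccs;
    switch (m) {
    case MSG_CKE:      return !ccs_seen;  /* CKE must precede CCS */
    case MSG_CCS:      sp->rxccs_dec = true; return true;
    case MSG_FINISHED: return ccs_seen;   /* Finished must follow CCS */
    }
    return false;
}

/* Renegotiation flight: every record arrives, then decrypted output is delivered. */
bool renegotiate(const enum msg *flight, size_t n, bool use_dec_flag) {
    struct ssl_state sp = { false, false };
    for (size_t i = 0; i < n; i++)
        on_record_arrival(&sp, flight[i]);
    for (size_t i = 0; i < n; i++)
        if (!on_decrypted(&sp, flight[i], use_dec_flag))
            return false;                 /* handshake fails */
    return true;
}

int main(void) {
    /* Constructed flights: one in valid order, one with CCS ahead of CKE. */
    const enum msg valid[] = { MSG_CKE, MSG_CCS, MSG_FINISHED };
    const enum msg early_ccs[] = { MSG_CCS, MSG_CKE, MSG_FINISHED };
    printf("valid flight, arrival flag:   %d\n", renegotiate(valid, 3, false));
    printf("valid flight, decrypted flag: %d\n", renegotiate(valid, 3, true));
    printf("early CCS, decrypted flag:    %d\n", renegotiate(early_ccs, 3, true));
    return 0;
}
```

In this model the decrypted flag still rejects a flight whose CCS genuinely precedes the Client Key Exchange, so the ordering check is preserved.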

Behavior Change
