Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP (all modules)
Known Affected Versions:
10.2.4, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4
Fixed In:
11.6.0, 11.5.1 HF5, 11.4.1 HF9, 11.3.0 HF9, 11.2.1 HF15
Opened: Jun 16, 2014 Severity: 2-Critical
In renegotiation, sp->rxccs is set when encrypted CCS is received. Decrypted Client Key Exchange message could be received after encrypted CCS message is received. So BIGIP should use decrypted CCS flag instead of encrypted CCS flag.
SSL handshake fails.
Decrypted Client Key Exchange message could be received after encrypted CCS message is received.
None
Use decrypted CCS flag instead of CCS flag. In renegotiation, sp->rxccs is set when encrypted CCS is received. Decrypted Client Key Exchange message could be received after encrypted CCS message is received. So BIGIP should use decrypted CCS flag instead of encrypted CCS flag.