Bug ID 477742: DTLS message sequence number is off by one

Last Modified: Apr 10, 2019

Affected Product:
BIG-IP APM (all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9

Opened: Sep 03, 2014
Severity: 3-Major

Symptoms

The DTLS message sequence number is incorrect.

Impact

Incompatibility with some SSL clients that use OpenSSL 1.0.1h or later. These clients work as expected with OpenSSL versions earlier than 1.0.1h. Note: The issue is visible during renegotiation with DTLS only.

Conditions

SSL over UDP (DTLS) is configured.

Workaround

Use a version of OpenSSL earlier than 1.0.1h.

Fix Information

None

Behavior Change