Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.0.0, 11.6.0 HF4, 11.5.3, 11.4.1 HF9
Opened: Oct 16, 2014 Severity: 3-Major
There is no client side option to disable DTLS. This option can be very useful in troubleshooting client connectivity issues.
Troubleshooting connectivity issues becomes difficult.
It is required to debug DTLS versus TLS connections.
Disable DTLS on server side.
Now you can add new registry keys and use them to disable DTLS on both BIG-IP Edge Client and browsers. Using these keys, you can disable DTLS on a particular client without changing the BIG-IP system configuration. To disable DTLS on a client machine: Create registry DWORD value (keys are both valid for both x64 and x86 systems): HKEY_LOCAL_MACHINE\Software\F5 Networks\RemoteAccess\EnableDTLSTransport or HKEY_CURRENT_USER\Software\F5 Networks\RemoteAccess\EnableDTLSTransport and set to 0