Bug ID 525429: DTLS renegotiation sequence number compatibility

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
10.2.4, 11.2.1, 11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2

Fixed In:
13.0.0, 13.0.0, 12.1.2, 11.6.1 HF1, 11.5.4 HF3

Opened: May 28, 2015

Severity: 3-Major

Symptoms

OpenSSL library was modified to keep it compatible with RFC 6347 complaint DTLS server renegotiation sequence number implementation.

Impact

The current APM client is not compatible with new OpenSSL libary.

Conditions

The old OpenSSL library is not compatible with RFC6347, the new OpenSSL library is modified to be compatible with RFC6347. The current APM client is compatible with old OpenSSL library, not the new OpenSSL library.

Workaround

None

Fix Information

The APM client is now compatible with both the old and new OpenSSL library.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips