Bug ID 525429: DTLS renegotiation sequence number compatibility

Last Modified: Dec 19, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
10.2.4, 11.2.1, 11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2

Fixed In:
13.0.0, 13.0.0, 12.1.2, 11.6.1 HF1, 11.5.4 HF3

Opened: May 28, 2015
Severity: 3-Major

Symptoms

OpenSSL library was modified to keep it compatible with RFC 6347 complaint DTLS server renegotiation sequence number implementation.

Impact

The current APM client is not compatible with new OpenSSL libary.

Conditions

The old OpenSSL library is not compatible with RFC6347, the new OpenSSL library is modified to be compatible with RFC6347. The current APM client is compatible with old OpenSSL library, not the new OpenSSL library.

Workaround

None

Fix Information

The APM client is now compatible with both the old and new OpenSSL library.

Behavior Change