Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4
Fixed In:
12.1.0
Opened: Jun 23, 2015 Severity: 3-Major Related Article:
K17577
If an SSL profile is configured with only RSA key/cert pair and only ecdhe-ecdsa ciphers are selected, the configuration did not show an error message. Subsequent SSL handshakes do not succeed and show 'no ciphers selected' error messages.
All SSL handshakes fail with `no cipher suite selected'.
Ecdhe-ecdsa ciphers are selected in the `ciphers' list, but no ecde-ecdsa key and cert is configured in the SSL profile.
When configuring an SSL profile, if an ecdhe-ecdsa cipher is selected in the 'ciphers' field, make sure ecdhe-ecdsa key/cert is also configured.
SSL profile configuration now displays an error message indicating configured key/cert type does not match the configured cipher suites.
The system reports an error message if there are no usable ciphers of the client SSL profile, i.e., the cert/key type of cipher string do not match it or the configured cert/key. In the past the system did not report an error for this invalid configuration.