Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP All
Known Affected Versions:
11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.1.0, 11.6.1 HF2, 11.5.4 HF3
Opened: Nov 04, 2015 Severity: 3-Major Related Article:
K13206013
The client-ssl profile is Case-Sensitive when configuring server-name in the client-ssl profiles and checking server_name extension in the ClientHello Message.
The system treats mixed upper-lower case server-name as different names which violate the RFC6066, which states: "Currently, the only server names supported are DNS hostnames. DNS hostnames are case-insensitive."
When using mixed upper-lower case server-name in the client-ssl profile configuration and ClientHello messages.
1. Configure only one client-ssl profile with same server-name. 2. Use only lower-case server-name when configure the client-ssl profile. 3. Use lower-case server-name in the Client side.
The system now treats mixed upper-lower case server-names as the same name, so server-name is no longer case sensitive.