Bug ID 587678: LTM SSL should do a full handshake when peer attempts to resume a session with a different client TLS version.

Last Modified: Oct 16, 2023

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Fixed In:
13.0.0

Opened: Apr 14, 2016

Severity: 3-Major

Related Article: K88011877

Symptoms

When a ClientHello reuses a previous session ID and changes the SSL version from TLS 1.0 to TLS 1.2 in the handshake layer, but keeps TLS 1.0 in the record layer, LTM accepts the session resumption, changes the record layer version to TLS 1.2 as well, and finishes the resumption. However, the client aborts the connection due to the record layer version change.

Impact

LTM accepts the session resumption, but changes the version of the record layer to TLS 1.2, and finishes the resumption. However, the client aborts the connection due to the record layer version change.

Conditions

An SSL client attempts to resume a session, but the client_version has changed.

Workaround

None.

Fix Information

Instead of accepting the session resumption, LTM SSL will do a full SSL handshake.
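
The decision described in the fix, as an added Python example (not F5's code): it parses a ClientHello record, reads the record-layer version, client_version and session ID, and resumes only when the cached session was set up with the same version. The function names, the cache layout (session ID mapped to the version recorded when the session was established) and the sample records are assumptions constructed for illustration.

```python
import struct

TLS10, TLS12 = 0x0301, 0x0303

def build_client_hello(record_version, client_version, session_id):
    """Build a minimal, constructed ClientHello record for the demo."""
    body = (struct.pack("!H", client_version) + bytes(32)   # client_version + random
            + bytes([len(session_id)]) + session_id
            + b"\x00\x02\x00\x2f" + b"\x01\x00")            # one suite, null compression
    hs = b"\x01" + len(body).to_bytes(3, "big") + body      # handshake type 1 = ClientHello
    return struct.pack("!BHH", 22, record_version, len(hs)) + hs

def parse_client_hello(record):
    """Return the record-layer version, client_version and session_id."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    hs = record[5:5 + rec_len]
    if ctype != 22 or rec_len < 4 or len(hs) != rec_len or hs[0] != 1:
        raise ValueError("not a complete ClientHello record")
    hello = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(hello) < 35 or hello[34] > 32 or len(hello) < 35 + hello[34]:
        raise ValueError("malformed ClientHello")
    return {"record_version": rec_ver,
            "client_version": struct.unpack("!H", hello[:2])[0],
            "session_id": hello[35:35 + hello[34]]}

def handshake_decision(hello, session_cache):
    """Return 'resume' only for a cached session offered with an unchanged version."""
    cached_version = session_cache.get(hello["session_id"])
    if not hello["session_id"] or cached_version is None:
        return "full"
    if cached_version != hello["client_version"]:
        return "full"   # fixed behaviour: no resumption when client_version changed
    return "resume"

# Constructed data: a session first established with TLS 1.0.
SID = bytes(range(32))
CACHE = {SID: TLS10}
SAME = build_client_hello(TLS10, TLS10, SID)
CHANGED = build_client_hello(TLS10, TLS12, SID)   # record layer still TLS 1.0

if __name__ == "__main__":
    for name, rec in (("same", SAME), ("changed", CHANGED)):
        print(name, handshake_decision(parse_client_hello(rec), CACHE))
```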

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips