Bug ID 592854: Protocol version set incorrectly on serverssl renegotiation

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 12.1.0

Fixed In:
13.0.0, 12.1.0 HF1, 11.6.1 HF1, 11.5.4 HF2

Opened: May 12, 2016
Severity: 3-Major

Symptoms

If the BIG-IP serverssl profile sends a new ClientHello request to renegotiate SSL, the protocol version will be set to 0. This will cause renegotiation to fail.

Impact

Protocol field is invalid (0), and the server will reset the connection.

Conditions

ServerSSL profile configured on a virtual server, and BIG-IP initiates a renegotiation.

Workaround

None

Fix Information

Fixed a reset issue with SSL renegotiation in the serverssl profile.

Behavior Change