Bug ID 592854: Protocol version set incorrectly on serverssl renegotiation

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
13.0.0, 12.1.0 HF1, 11.6.1 HF1, 11.5.4 HF2

Opened: May 12, 2016

Severity: 3-Major

Symptoms

If the BIG-IP serverssl profile sends a new ClientHello request to renegotiate SSL, the protocol version will be set to 0. This will cause renegotiation to fail.

Impact

Protocol field is invalid (0), and the server will reset the connection.

Conditions

ServerSSL profile configured on a virtual server, and BIG-IP initiates a renegotiation.

Workaround

None

Fix Information

Fixed a reset issue with SSL renegotiation in the serverssl profile.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips