Bug ID 602358: BIG-IP ServerSSL connection may reset during renegotiation with some SSL/TLS servers due to ClientHello version

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2

Fixed In:
13.0.0, 12.1.2, 11.6.1 HF2

Opened: Jun 30, 2016

Severity: 3-Major

Related Article: K27445283

Symptoms

During SSL/TLS renegotiation, the version fields in the new ClientHello are expected to be consistent with the existing session. Most SSL/TLS servers require the new ClientHello version to match the previously negotiated version, that is, the version in the first ServerHello, and the BIG-IP ServerSSL default behavior satisfies that requirement.

The problem occurs with servers that instead require the version fields of the new ClientHello, both in the record layer and in the Handshake Protocol (client_version), to be exactly the same as in the first ClientHello:

  1st ClientHello record-layer version == 2nd ClientHello record-layer version
  1st ClientHello Handshake Protocol version == 2nd ClientHello Handshake Protocol version

Because BIG-IP places the negotiated version in the second ClientHello, these fields can differ from the first ClientHello whenever the server negotiated a version lower than the one offered in the first ClientHello. Such a server rejects the renegotiation handshake, and the connection is terminated.

Impact

SSL/TLS renegotiation between BIG-IP ServerSSL profile and server may fail, resulting in an unexpected connection close or reset.

Conditions

This occurs when a virtual server is configured with one or more ServerSSL profiles, an SSL/TLS renegotiation takes place on the server-side connection, and the server requires the version in the new ClientHello to match the first ClientHello rather than the previously negotiated ServerHello version.

Workaround

Restricting the cipher string of the ServerSSL profile so that only TLS 1.0 is offered works around the issue: with a single protocol version available, the version negotiated in the ServerHello is the same as the version offered in the first ClientHello, so the renegotiation ClientHello carries identical version fields whichever rule the server enforces. Note that this also prevents TLS 1.1 and TLS 1.2 from being used on the server-side connection, trading protocol security for compatibility; prefer upgrading to a fixed version where possible.

Fix Information

A new db variable, ssl.RenegotiateWithInitialClientHello, controls the SSL/TLS version that BIG-IP places in the second (renegotiation) ClientHello:

1. disable (the default): the second ClientHello carries the version negotiated in the first ServerHello.
2. enable: the second ClientHello carries exactly the same version fields (record layer and Handshake Protocol) as the first ClientHello.
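The following Python example, added here and not part of the F5 bug entry or of BIG-IP itself, makes the Symptoms and Fix Information concrete. It builds minimal ClientHello records (constructed data, not captures), extracts the two version fields a strict server compares, and models the second ClientHello under both settings of the db variable. The strict and "typical" server rules are coded exactly as this entry describes them; the assumption that BIG-IP sets both version fields to the negotiated version when the variable is disabled is the author's reading of the entry, not a documented detail.

```python
import struct
from dataclasses import dataclass

# TLS record content type and handshake message type (RFC 5246 values).
HANDSHAKE = 0x16
CLIENT_HELLO = 0x01

VERSION_NAMES = {0x0300: "SSLv3", 0x0301: "TLS1.0", 0x0302: "TLS1.1", 0x0303: "TLS1.2"}


@dataclass(frozen=True)
class HelloVersions:
    """The two version fields a ClientHello carries: record layer and Handshake Protocol."""
    record: int
    handshake: int

    def __str__(self) -> str:
        return (f"record={VERSION_NAMES.get(self.record, hex(self.record))} "
                f"handshake={VERSION_NAMES.get(self.handshake, hex(self.handshake))}")


def build_client_hello(record_version: int, client_version: int) -> bytes:
    """Construct a minimal plaintext ClientHello record (constructed test data, not a capture):
    zero random, empty session ID, one cipher suite, null compression, no extensions."""
    suites = struct.pack("!H", 0x002F)                      # TLS_RSA_WITH_AES_128_CBC_SHA
    body = (struct.pack("!H", client_version) + bytes(32) + b"\x00"
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, record_version, len(handshake)) + handshake


def parse_client_hello_versions(record: bytes) -> HelloVersions:
    """Parse one plaintext handshake record and return the ClientHello's version fields."""
    if len(record) < 11:
        raise ValueError("record too short to hold a ClientHello")
    content_type, record_version, length = struct.unpack("!BHH", record[:5])
    if content_type != HANDSHAKE:
        raise ValueError(f"not a handshake record (content type {content_type:#04x})")
    body = record[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated record")
    if body[0] != CLIENT_HELLO:
        raise ValueError(f"not a ClientHello (handshake type {body[0]:#04x})")
    if int.from_bytes(body[1:4], "big") != len(body) - 4:
        raise ValueError("handshake length does not match record payload")
    (client_version,) = struct.unpack("!H", body[4:6])
    return HelloVersions(record_version, client_version)


def strict_server_accepts(first: HelloVersions, second: HelloVersions) -> bool:
    """The strict server behaviour from this bug: both fields must equal the first ClientHello."""
    return first == second


def typical_server_accepts(negotiated: int, second: HelloVersions) -> bool:
    """The usual behaviour as this entry describes it: the renegotiation ClientHello
    must carry the version negotiated in the first ServerHello."""
    return second.handshake == negotiated


def renegotiation_outcome(first_ch: bytes, negotiated: int,
                          renegotiate_with_initial_client_hello: bool) -> dict:
    """Model the second ClientHello BIG-IP sends under the two settings of the db
    variable and report how each kind of server would treat it.
    Assumption: with the variable disabled both version fields are set to the
    negotiated version; with it enabled the fields repeat the first ClientHello."""
    first = parse_client_hello_versions(first_ch)
    if renegotiate_with_initial_client_hello:
        second_ch = build_client_hello(first.record, first.handshake)
    else:
        second_ch = build_client_hello(negotiated, negotiated)
    second = parse_client_hello_versions(second_ch)
    return {
        "first": first,
        "second": second,
        "strict_server_accepts": strict_server_accepts(first, second),
        "typical_server_accepts": typical_server_accepts(negotiated, second),
    }


if __name__ == "__main__":
    # First ClientHello offers TLS 1.2 in the Handshake Protocol with a TLS 1.0
    # record-layer version; the server negotiates TLS 1.1.
    first_ch = build_client_hello(0x0301, 0x0303)
    for setting in (False, True):
        r = renegotiation_outcome(first_ch, 0x0302, setting)
        print(f"ssl.RenegotiateWithInitialClientHello={'enable' if setting else 'disable'}: "
              f"2nd ClientHello {r['second']}, strict server accepts={r['strict_server_accepts']}, "
              f"typical server accepts={r['typical_server_accepts']}")
```

Two practical caveats. First, a renegotiation ClientHello is sent inside the already-established session, so a packet capture shows only the outer encrypted record (content type 0x16 and the record-layer version); the inner Handshake Protocol version is visible only in decrypted data, so the parser above applies to plaintext or decrypted records. Second, on a fixed version the variable is toggled with the standard tmsh form `tmsh modify sys db ssl.RenegotiateWithInitialClientHello value enable`; enabling it satisfies the strict server but, as the model shows, means the second ClientHello no longer carries the negotiated version, which is why it is not the default.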

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips