Bug ID 623940: SSL Handshake fails if client tries to negotiate EC ciphers but does not present ec_point_formats extension in ClientHello

Last Modified: Apr 10, 2019

Affected Product:
BIG-IP LTM (all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
13.1.0, 13.0.0, 12.1.3

Opened: Oct 20, 2016
Severity: 3-Major

Symptoms

If a client tries to negotiate EC ciphers but does not present the ec_point_formats extension, the SSL handshake fails. The ltm error log messages look like:

Oct 12 11:25:08 gtm2 warning tmm1[21167]: 01260009:4: Connection error: ssl_select_suite:6799: no shared ciphers (40)
Oct 12 11:25:08 gtm2 warning tmm1[21167]: 01260026:4: No shared ciphers between SSL peers 10.1.6.50.36563:10.1.6.15.443.

Impact

SSL Handshake fails.

Conditions

If a client tries to negotiate EC ciphers but does not present the ec_point_formats extension in its ClientHello, the SSL handshake fails.
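
To confirm that a failing client matches these conditions, the ClientHello from a packet capture can be checked for an EC cipher suite offered without extension type 11 (ec_point_formats). The following is an added example, not F5 code: the function names are hypothetical, EC_SUITES is a subset of the IANA registry, and the sample hellos are constructed.

```python
import struct

EC_POINT_FORMATS = 11  # ec_point_formats extension type (RFC 4492, RFC 8422)
# Common ECDH/ECDHE suite IDs from the IANA registry; a subset, not the full list.
EC_SUITES = set(range(0xC001, 0xC01A)) | set(range(0xC023, 0xC033)) | {0xCCA8, 0xCCA9}

def parse_client_hello(record):
    """Return (cipher_suite_ids, extension_type_ids) for a one-record ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                   # client_version + random
    pos += 1 + body[pos]                           # session_id
    n = int.from_bytes(body[pos:pos + 2], "big")   # cipher_suites byte length
    suites = [int.from_bytes(body[i:i + 2], "big") for i in range(pos + 2, pos + 2 + n, 2)]
    pos += 2 + n
    pos += 1 + body[pos]                           # compression_methods
    exts = []
    if pos < len(body):                            # the extensions block is optional
        end = min(len(body), pos + 2 + int.from_bytes(body[pos:pos + 2], "big"))
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            exts.append(etype)
            pos += 4 + elen
    return suites, exts

def matches_bug_623940_condition(record):
    """True if the hello offers an EC suite but omits ec_point_formats."""
    suites, exts = parse_client_hello(record)
    return any(s in EC_SUITES for s in suites) and EC_POINT_FORMATS not in exts

def build_hello(suites, exts):
    """Constructed sample input: a minimal TLS 1.2 ClientHello record."""
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    body = (b"\x03\x03" + bytes(32) + b"\x00"
            + struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

SUPPORTED_GROUPS = (10, b"\x00\x04\x00\x17\x00\x18")   # secp256r1, secp384r1
POINT_FORMATS = (11, b"\x01\x00")                       # uncompressed only
WITHOUT_EXT = build_hello([0xC02F, 0xC030, 0x009C], [SUPPORTED_GROUPS])
WITH_EXT = build_hello([0xC02F, 0xC030, 0x009C], [SUPPORTED_GROUPS, POINT_FORMATS])
RSA_ONLY = build_hello([0x009C, 0x002F], [])
```

A hello for which matches_bug_623940_condition returns True is still valid TLS: RFC 4492 lets a client that proposes ECC suites leave the extension out.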

Workaround

None

Fix Information

None

Behavior Change