Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
13.1.0
Opened: Dec 21, 2016 Severity: 3-Major
Symptoms:
The BIG-IP system honors client preferences and prefers P-384 if a TLS client instructed the BIG-IP TLS server to do so.
Impact:
The BIG-IP system prefers P-384 over P-256.
Conditions:
The client supports both curves P-256 and P-384 for ECDHE in a client-ssl profile.
Workaround:
None.
Fix Information:
The new behavior follows these evaluation steps:
(1) For static key exchange ECDH-ECDSA/ECDH-RSA, always get the curve ID from the certificate.
(2) If the server static key (sent in the X.509 certificate to the client) is RSA 4K or ECDSA P-384, and P-384 is included by the client in elliptic_curve_list, use P-384.
(3) Otherwise, if the client elliptic_curve_list has P-256, use it.
(4) Otherwise, if the client elliptic_curve_list has P-384, use it.
(5) Otherwise, no ECDHE ciphersuite can be used.
Behavior Change:
In previous releases, the BIG-IP system honored client preferences and preferred P-384 if a TLS client instructed the BIG-IP TLS server to do so. The new behavior follows the evaluation steps listed under Fix Information.
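The following is an added illustration of the curve-selection rules above, written for this record; it is not F5 code and does not reflect how the BIG-IP TLS stack is implemented. It models the old behavior (first supported curve in the client's preference order) beside the new five-step evaluation, so the change in negotiated curve for a given certificate and client elliptic_curve_list can be checked directly. The ServerCert structure, the function names, and the treatment of any RSA key of 4096 bits or more as "RSA 4K" are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

# Curves the modelled server supports for ECDHE (assumption: only the two
# curves named in the record are considered).
SUPPORTED_CURVES = ("P-256", "P-384")

# Static ECDH key-exchange methods named in step (1).
STATIC_ECDH = ("ECDH-ECDSA", "ECDH-RSA")


@dataclass(frozen=True)
class ServerCert:
    """Minimal model of the server's X.509 key (hypothetical structure)."""
    key_type: str                # "RSA" or "ECDSA"
    bits: int = 0                # RSA modulus size; unused for EC keys
    curve: Optional[str] = None  # named curve of an EC key, else None


def strong_auth_key(cert: ServerCert) -> bool:
    """Step (2) condition: authentication key is RSA 4K or ECDSA P-384.

    Treating RSA keys larger than 4096 bits the same way is an assumption.
    """
    if cert.key_type == "RSA":
        return cert.bits >= 4096
    return cert.key_type == "ECDSA" and cert.curve == "P-384"


def select_curve_old(client_curves: Sequence[str]) -> Optional[str]:
    """Previous behavior: honor the client's preference order."""
    for curve in client_curves:
        if curve in SUPPORTED_CURVES:
            return curve
    return None


def select_curve_new(key_exchange: str, cert: ServerCert,
                     client_curves: Sequence[str]) -> Optional[str]:
    """Fixed behavior, following evaluation steps (1) to (5)."""
    # (1) Static ECDH: the curve is fixed by the certificate's EC key.
    if key_exchange in STATIC_ECDH:
        return cert.curve
    # (2) Strong authentication key and client offers P-384: match it.
    if strong_auth_key(cert) and "P-384" in client_curves:
        return "P-384"
    # (3) Otherwise prefer P-256 regardless of client ordering.
    if "P-256" in client_curves:
        return "P-256"
    # (4) Fall back to P-384 if that is all the client offers.
    if "P-384" in client_curves:
        return "P-384"
    # (5) No common curve: no ECDHE ciphersuite is possible.
    return None


if __name__ == "__main__":
    # Constructed scenarios; the client list mirrors the record's Conditions
    # (client supports both P-256 and P-384, here preferring P-384).
    client = ["P-384", "P-256"]
    cases = [
        ("ECDHE-RSA", ServerCert("RSA", bits=2048)),
        ("ECDHE-RSA", ServerCert("RSA", bits=4096)),
        ("ECDHE-ECDSA", ServerCert("ECDSA", curve="P-256")),
        ("ECDHE-ECDSA", ServerCert("ECDSA", curve="P-384")),
        ("ECDH-ECDSA", ServerCert("ECDSA", curve="P-256")),
    ]
    for kx, cert in cases:
        print(f"{kx:<12} {cert.key_type}{cert.bits or ''}{cert.curve or ''}: "
              f"old={select_curve_old(client)} "
              f"new={select_curve_new(kx, cert, client)}")
```

The model makes the intent of the fix visible: with an RSA 2048 certificate the old logic follows the client to P-384 while the new logic picks P-256, and only a 4K RSA or P-384 ECDSA authentication key pulls the ephemeral exchange up to P-384, so the key-exchange strength tracks the certificate key rather than the client's ordering.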