Bug ID 649571: Limits set in Server SSL Profile are not enforced if the server ignores BIG-IP's renegotiation ClientHello

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP All(all modules)

Known Affected Versions:
13.0.0

Fixed In:
13.1.0, 13.0.0 HF1, 12.1.2 HF1

Opened: Mar 07, 2017

Severity: 3-Major

Symptoms

The BIG-IP system takes no action when the TLS server does not respond to its renegotiation request.

Impact

Limits such as the data limit ("Renegotiate Size" in the Server SSL profile) or the time limit ("Renegotiate Period" in the Server SSL profile) are not enforced, even when a finite "Handshake Timeout" is configured.

Conditions

The BIG-IP system acts as a TLS client and the TLS server ignores the renegotiation request, while finite TLS session data or time limits are configured in the Server SSL profile on the BIG-IP system. One example of such a TLS server is Apache/2.4.10 on Fedora Linux.

Workaround

None.

Fix Information

The BIG-IP system acting as a TLS client (Server SSL profile) now shuts down the connection if the TLS server does not continue with TLS renegotiation within "Handshake Timeout" seconds after the BIG-IP system sent the ClientHello that initiates the renegotiation.
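The following simulation is an added illustration and is not F5 code; it models the behaviour described in this record with a simplified client-side TLS state machine (the class names, the `enforce_timeout_on_reneg` flag, the traffic pattern and the pool member's responses are all constructed assumptions). Run with the flag off, it reproduces the reported symptom: once the server ignores the renegotiation ClientHello, application data keeps flowing on the old session far past "Renegotiate Size". With the flag on, the connection is shut down "Handshake Timeout" seconds after the ClientHello, which is the fixed behaviour.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class State(Enum):
    ESTABLISHED = "established"      # application data flowing on the current session keys
    RENEG_PENDING = "reneg_pending"  # renegotiation ClientHello sent, waiting for ServerHello
    CLOSED = "closed"


@dataclass
class ServerSslProfile:
    """Hypothetical model of the Server SSL profile settings named in the bug record."""
    renegotiate_size: Optional[int]      # bytes of app data before renegotiation (None = indefinite)
    renegotiate_period: Optional[float]  # seconds before renegotiation (None = indefinite)
    handshake_timeout: Optional[float]   # seconds allowed for a handshake to complete (None = indefinite)
    enforce_timeout_on_reneg: bool       # False models the reported 13.0.0 behaviour, True the fix


class OutboundTlsConnection:
    """BIG-IP acting as TLS client towards a pool member (simplified state machine, an assumption)."""

    def __init__(self, profile: ServerSslProfile, now: float = 0.0) -> None:
        self.profile = profile
        self.state = State.ESTABLISHED
        self.bytes_since_handshake = 0
        self.last_handshake_at = now
        self.reneg_sent_at: Optional[float] = None
        self.client_hellos_sent = 0
        self.close_reason: Optional[str] = None

    def send_app_data(self, now: float, nbytes: int) -> None:
        """Application data is still allowed while a renegotiation is pending (old keys stay valid)."""
        if self.state is State.CLOSED:
            return
        self.bytes_since_handshake += nbytes
        self.tick(now)

    def on_server_record(self, now: float, record: str) -> None:
        """A cooperating server answers the renegotiation ClientHello; counters reset on completion."""
        if self.state is State.RENEG_PENDING and record == "ServerHello":
            self.state = State.ESTABLISHED
            self.bytes_since_handshake = 0
            self.last_handshake_at = now
            self.reneg_sent_at = None

    def tick(self, now: float) -> None:
        p = self.profile
        if self.state is State.ESTABLISHED:
            over_size = p.renegotiate_size is not None and self.bytes_since_handshake >= p.renegotiate_size
            over_period = p.renegotiate_period is not None and now - self.last_handshake_at >= p.renegotiate_period
            if over_size or over_period:
                # Limit reached: send the renegotiation ClientHello and start the handshake timer.
                self.state = State.RENEG_PENDING
                self.reneg_sent_at = now
                self.client_hellos_sent += 1
        elif self.state is State.RENEG_PENDING and p.enforce_timeout_on_reneg:
            # Fixed behaviour: a server that never continues the handshake gets the connection shut down.
            if p.handshake_timeout is not None and now - self.reneg_sent_at >= p.handshake_timeout:
                self.state = State.CLOSED
                self.close_reason = "handshake timeout waiting for renegotiation ServerHello"


def simulate(server_ignores_renegotiation: bool, fixed: bool, seconds: int = 120) -> dict:
    """Drive one connection for `seconds` seconds at 1000 bytes/s (constructed traffic)."""
    profile = ServerSslProfile(renegotiate_size=10_000, renegotiate_period=None,
                               handshake_timeout=10.0, enforce_timeout_on_reneg=fixed)
    conn = OutboundTlsConnection(profile)
    for t in range(1, seconds + 1):
        conn.send_app_data(float(t), 1000)
        if conn.state is State.RENEG_PENDING and not server_ignores_renegotiation:
            conn.on_server_record(float(t), "ServerHello")
    return {
        "state": conn.state.value,
        "bytes_since_handshake": conn.bytes_since_handshake,
        "client_hellos_sent": conn.client_hellos_sent,
        "close_reason": conn.close_reason,
    }


if __name__ == "__main__":
    print("13.0.0, server ignores renegotiation:", simulate(True, fixed=False))
    print("fixed,  server ignores renegotiation:", simulate(True, fixed=True))
    print("fixed,  server renegotiates:         ", simulate(False, fixed=True))
```

The first run shows why the symptom matters from a defender's view: the data limit exists to bound how much traffic is protected under one set of session keys, and a server that silently drops the ClientHello turns that bound into nothing. The handshake timeout is the only signal the client has that renegotiation will never happen, which is why the fix ties the shutdown to it.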

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips