Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM, LTM
Known Affected Versions:
11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3
Fixed In:
13.1.0, 13.0.1, 12.1.3.2, 11.6.3.3, 11.5.9
Opened: Apr 05, 2017 Severity: 3-Major Related Article:
K85522235
SSL failed to renegotiate intermittently with AES-GCM cipher because IV is not properly updated when a change cipher spec message is received.
Some servers authenticate client using renegotiation. This issue prevents their clients from properly connecting to the servers.
This failure is more likely to occur during mutual authentication.
Disable AES-GCM cipher.
The system now properly updates AES-GCM IV when a change cipher spec message is received.