Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1
Fixed In:
14.0.0
Opened: Oct 11, 2017 Severity: 3-Major
Forward Proxy SSL at server side may send a wrong SNI extension when the client does not send one in its Client Hello message.
The server side of the proxy will use a wrong SNI in SSL handshake.
Forward Proxy SSL when the client does not send SNI extension in ClientHello, the server side will send a wrong SNI extension in its ClientHello.
There is no workaround.
The server side will not send SNI extension in ClientHello if the client does not send one in its ClientHello.