Bug ID 703580: TLS1.1 handshake failure on v12.1.3 vCMP guest with earlier BIG-IP version on vCMP host.

Last Modified: Jun 04, 2019

Affected Product:
BIG-IP All(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5

Fixed In:
14.1.0, 13.1.1.2, 12.1.3.6

Opened: Jan 24, 2018
Severity: 3-Major

Symptoms

TLS1.1 handshake failure on guest. The following error appears in /var/log/ltm:

warning tmm[11611]: 01260009:4: Connection error: ssl_hs_cn_vfy_fin:2339: corrupt Finished (20)

Impact

TLS1.1 handshake fails on the guest.

Conditions

-- Using the VIPRION 42xx/43xx and B21xx blades.
-- Running BIG-IP software earlier than v12.1.3 (for example v12.1.2-hf2) on the vCMP host system.
-- Deploying vCMP guest running v12.1.3.
-- Using TLS1.1.

Workaround

Use the same software version on the vCMP host and vCMP guests.

Fix Information

TLS1.1 handshake no longer fails when running a v12.x/v13.x vCMP guest with an earlier BIG-IP software version on the vCMP host.

Behavior Change