Bug ID 713388: SSL handshake fails for OCSP + TLS false start + SSL hardware acceleration

Last Modified: Apr 11, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8

Fixed In:
14.0.0, 13.1.1, 12.1.3.5

Opened: Apr 03, 2018

Severity: 3-Major

Symptoms

The SSL handshake fails when the client initiates it with TLS False Start, that is, the client sends SSL record data (application data) to the server before the server has sent its CCS + FINISHED.

Impact

BIG-IP sends a TCP RST to tear down the connection when the client uses TLS False Start.

Conditions

1. The client initiates the SSL handshake with TLS False Start.
2. BIG-IP has SSL hardware acceleration enabled (the default for non-VE platforms).

Workaround

1. Disable TLS False Start. This must be done on every client, so it may not be feasible.
2. Disable SSL hardware acceleration.
3. Disable the AES-GCM ciphers in the clientssl profile. Without AES-GCM, clients will not attempt TLS False Start and can still negotiate (EC)DHE ciphers.

Fix Information

Application data is no longer processed before the Finished message has been verified and the handshake is complete.
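The following is an added illustration, not F5 code, of the record-handling behaviour described under Symptoms and Fix Information: a constructed server-side model in which the client's Finished is verified asynchronously (standing in for the offload to a crypto accelerator) and a False Start client's application data arrives while that verification is still outstanding. Record and message type numbers follow TLS 1.2; the state names and the `fixed` switch are assumptions for the model.

```python
from collections import deque
from dataclasses import dataclass, field

HANDSHAKE, CCS, APP_DATA = 22, 20, 23   # TLS record content types
FINISHED = 20                           # handshake message type

@dataclass
class ServerState:
    finished_verified: bool = False     # client Finished has been checked
    verify_pending: bool = False        # verification handed off, result not back
    fixed: bool = True                  # True = buffer early data; False = pre-fix
    pending: deque = field(default_factory=deque)
    delivered: list = field(default_factory=list)

def handle_record(st, ctype, payload):
    """Handle one inbound record; return 'ok', 'queued' or 'reset'."""
    if ctype == CCS:
        return "ok"
    if ctype == HANDSHAKE and payload[0] == FINISHED:
        st.verify_pending = True        # verify_data goes to the accelerator
        return "ok"
    if ctype == APP_DATA:
        if st.finished_verified:
            st.delivered.append(payload)
            return "ok"
        if st.fixed:
            st.pending.append(payload)  # hold until Finished is verified
            return "queued"
        return "reset"                  # bug: data before verification -> RST
    return "reset"

def verification_complete(st, valid):
    """Accelerator callback: Finished result is in; drain buffered data."""
    st.verify_pending = False
    if not valid:
        st.pending.clear()
        return "reset"
    st.finished_verified = True
    while st.pending:
        st.delivered.append(st.pending.popleft())
    return "ok"

def run_false_start(fixed):
    """Replay a constructed False Start client; return outcomes and delivered data."""
    st = ServerState(fixed=fixed)
    client = [(CCS, b"\x01"), (HANDSHAKE, bytes([FINISHED]) + b"\x00" * 12),
              (APP_DATA, b"GET / HTTP/1.1\r\n")]   # app data before server Finished
    results = []
    for ctype, payload in client:
        results.append(handle_record(st, ctype, payload))
        if results[-1] == "reset":
            return results, st.delivered        # connection torn down
    results.append(verification_complete(st, valid=True))
    return results, st.delivered
```

Running `run_false_start(False)` reproduces the RST on the third record; `run_false_start(True)` queues that record and delivers it once the Finished check returns.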

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips