Bug ID 872721: SSL connection mirroring intermittent failure with TLS1.3

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5

Fixed In:
16.0.0, 15.1.5.1, 14.1.4.5

Opened: Jan 25, 2020

Severity: 3-Major

Symptoms

Intermittent failure of standby connection mirroring TLS1.3 handshake.

Impact

Standby device fails tls handshake, active success so connection succeeds but not mirrored.

Conditions

TLS1.3 and connection mirroring. More easily reproduces with ecdsa signature.

Workaround

None

Fix Information

Standby device now uses correct signature size if it differs from active device.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips