Operational Defect Database
BugZero found this defect 251 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
F5 | 1344925
TLS1.3 does not fall back to full handshake when Client Hello is missing the pre_shared_key
Last update date:
4/26/2024
Affected products:
BIG-IP
BIG-IP LTM
Affected releases:
15.1.8.2
15.1.9
15.1.9.1
15.1.10
15.1.10.2
15.1.10.3
15.1.10.4
17.1.0.2
17.1.0.3
17.1.1
17.1.1.1
17.1.1.2
Fixed releases:
No fixed releases provided.
Description:
Bug ID 1344925: TLS1.3 does not fall back to full handshake when Client Hello is missing the pre_shared_key ... Last Modified: Apr 26, 2024 ... Affected Product(s): ... BIG-IP sends out a TLS Fatal Error (Handshake Failure) when TLS1.3 Client Hello is missing the 'pre_shared_key' extension when TLS session resumption is expected. ... Impact ... BIG-IP resets the connection with TLS Fatal Alert (Handshake Failure) instead of falling back to full TLS handshake. ... Conditions ... -- TLS1.3 Session resumption -- Client Hello is missing the 'pre_shared_key' extension (but has a valid 'key_share')
