Operational Defect Database
BugZero found this defect 207 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
F5 | 1366217
The TLS 1.3 SSL handshake fails with "Decryption error" when using dynamic CRL validator
Last update date:
4/26/2024
Affected products:
BIG-IP
BIG-IP LTM
Affected releases:
14.1.0
14.1.0.1
14.1.0.2
14.1.0.3
14.1.0.5
14.1.0.6
14.1.2
14.1.2.1
14.1.2.2
14.1.2.3
14.1.2.4
14.1.2.5
Fixed releases:
No fixed releases provided.
Description:
Severity: 3-Major ... Symptoms ... The SSL handshakes using TLS 1.3 protocol fails with decryption errors when using dynamic CRL validator in SSL profiles on BIG-IP. ... Impact ... Unable to use CRLDP to authenticate client certificates when using TLS 1.3 protocol. ... Conditions ... 1. Create SSL profile with dynamic CRL validator enabled. ... 3. Connect to VIP using TLS 1.3 protocol. ... Workaround ... Use static CRL or OCSP on SSL profiles to validate client entities. ... Fix Information ... None
