
fpieressa
Sep 23, 2016

Issue with Apple iOS 10

Hi! We are seeing that F5 is dropping SSL sessions from Apple iOS 10 (available since 09/13, ten days ago).

After checking it with tcpdump, we are seeing that the client is proposing in the ClientHello message the cipher TLS_EMPTY_RENEGOTIATION_INFO_SCSV, which RFC 5746 explicitly documents the server must reject:

"When a ClientHello is received, the server MUST verify that it does not contain the TLS_EMPTY_RENEGOTIATION_INFO_SCSV SCSV. If the SCSV is present, the server MUST abort the handshake."

So, while waiting for an Apple fix, is there any workaround we can configure in F5? For instance, can F5 disable SSL renegotiation?

Thanks!

1 Reply

  • Sure it can.

    Local Traffic ›› Profiles : SSL : Client, look for Renegotiation
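
To confirm from a capture what a client actually offers, the ClientHello record can be parsed for the TLS_EMPTY_RENEGOTIATION_INFO_SCSV value (0x00FF) and the renegotiation_info extension (0xFF01), both defined in RFC 5746. The following is an added example, not part of the thread or F5's own code; the function names are hypothetical and the sample ClientHello bytes are constructed rather than taken from a real iOS 10 capture.

```python
import struct

SCSV = 0x00FF            # TLS_EMPTY_RENEGOTIATION_INFO_SCSV, RFC 5746
EXT_RENEG_INFO = 0xFF01  # renegotiation_info extension, RFC 5746

def parse_client_hello(record: bytes) -> dict:
    """Parse a TLS record carrying one complete ClientHello."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a ClientHello handshake record")
        rec_len = struct.unpack("!H", record[3:5])[0]
        body_len = int.from_bytes(record[6:9], "big")
        if body_len + 4 > rec_len or len(record) < 5 + rec_len:
            raise ValueError("ClientHello is truncated or spans records")
        body = record[9:9 + body_len]
        pos = 2 + 32                       # client_version + random
        pos += 1 + body[pos]               # session_id
        cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        suites = [struct.unpack("!H", body[i:i + 2])[0]
                  for i in range(pos, pos + cs_len, 2)]
        pos += cs_len
        pos += 1 + body[pos]               # compression_methods
        exts = {}
        if pos < len(body):                # extensions block is optional
            end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
            pos += 2
            while pos + 4 <= min(end, len(body)):
                etype, elen = struct.unpack("!HH", body[pos:pos + 4])
                exts[etype] = body[pos + 4:pos + 4 + elen]
                pos += 4 + elen
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello") from exc
    return {"suites": suites, "scsv": SCSV in suites,
            "reneg_info": exts.get(EXT_RENEG_INFO)}

def build_sample(suites, extensions=b"") -> bytes:
    """Constructed ClientHello for the demo (not a real capture)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x03" + bytes(32) + b"\x00" +
            struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    info = parse_client_hello(build_sample([0xC02F, 0x009C, SCSV]))
    print([f"0x{s:04X}" for s in info["suites"]], "SCSV offered:", info["scsv"])
```

To use it on real traffic, pass the raw bytes of the TLS record that carries the ClientHello, exported from the tcpdump capture.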