PT-2021-15314 · F5 · BIG-IP

Published 2021-02-12 · Updated 2021-02-19 · CVE-2021-22981

CVSS v2.0 5.8 Medium
Vector AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 11.6.x through 12.1.x
Description: The original TLS protocol (TLS 1.2 and earlier) derives the master secret from the pre-master secret and the two Hello randoms only, so the master secret is not bound to the rest of the handshake. The Extended Master Secret (EMS) extension defined in RFC 7627 mitigates this weakness by deriving the master secret from a hash of the full handshake transcript instead. TLS connections that do not negotiate EMS are vulnerable to man-in-the-middle attacks during renegotiation.
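To make the difference concrete, here is an added example (not code from this advisory or from F5) that implements the TLS 1.2 PRF and both master secret derivations, then walks through the scenario RFC 7627 was written for: an attacker terminating the client's handshake with its own certificate and replaying the client's nonces (and, with RSA key exchange, the pre-master secret) towards the real server. Without EMS the two legs end up with the same master secret; with EMS the differing Certificate message changes the session hash and the secrets diverge. The pre-master secret, nonces and transcript messages are constructed placeholders, not real traffic, and the transcript is abbreviated to the messages that matter for the point.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion from RFC 5246 section 5."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF for SHA-256 suites: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret_original(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: the master secret depends only on the two Hello nonces."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def master_secret_extended(pre_master: bytes, session_hash: bytes) -> bytes:
    """RFC 7627 section 4: the seed is the hash of the whole transcript up to ClientKeyExchange."""
    return prf(pre_master, b"extended master secret", session_hash, 48)


def transcript_hash(*handshake_messages: bytes) -> bytes:
    """session_hash: SHA-256 over the concatenated handshake messages (SHA-256 PRF suite)."""
    return hashlib.sha256(b"".join(handshake_messages)).digest()


def mitm_master_secrets(use_ems: bool) -> tuple:
    """Constructed walk-through of the scenario behind RFC 7627: attacker A sits between
    client C and server S, answers C's handshake with A's own certificate, opens a second
    handshake to S and replays C's nonces. With RSA key exchange A also decrypts the
    pre-master secret C encrypted to A's key and re-encrypts it to S. Returns the master
    secrets derived on the C<->A and A<->S legs. Every value is a placeholder."""
    pre_master = bytes.fromhex("0303" + "11" * 46)   # 48-byte RSA pre-master secret (constructed)
    client_random = bytes(range(32))                  # constructed nonce, replayed by A towards S
    server_random = bytes(range(32, 64))              # constructed nonce, replayed by A towards C
    client_hello = b"ClientHello:" + client_random
    server_hello = b"ServerHello:" + server_random
    client_key_exchange = b"ClientKeyExchange:" + b"\x00" * 8  # stands in for the encrypted pre-master
    cert_seen_by_client = b"Certificate:attacker"     # the only message that differs between the legs
    cert_seen_by_server = b"Certificate:real-server"
    if not use_ems:
        ms_ca = master_secret_original(pre_master, client_random, server_random)
        ms_as = master_secret_original(pre_master, client_random, server_random)
    else:
        ms_ca = master_secret_extended(pre_master, transcript_hash(
            client_hello, server_hello, cert_seen_by_client, client_key_exchange))
        ms_as = master_secret_extended(pre_master, transcript_hash(
            client_hello, server_hello, cert_seen_by_server, client_key_exchange))
    return ms_ca, ms_as


if __name__ == "__main__":
    for ems in (False, True):
        leg_ca, leg_as = mitm_master_secrets(ems)
        print(f"EMS={ems}: master secrets on the two legs {'MATCH' if leg_ca == leg_as else 'differ'}")
```

Identical master secrets on the two legs are what let the attacker later splice the sessions together during renegotiation; binding the secret to the transcript, as EMS does, removes that precondition rather than patching the renegotiation step itself.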
Recommendations: For BIG-IP versions 11.6.x through 12.1.x, enable the Extended Master Secret (EMS) extension on the affected SSL profiles so that the master secret is bound to the handshake transcript and the renegotiation man-in-the-middle attack no longer applies. As a temporary workaround, restrict TLS connections to peers that negotiate EMS until a permanent fix is in place; note that this refuses clients and servers that do not implement RFC 7627, so check what your peers actually offer before enforcing it.

Fix


Related Identifiers

CVE-2021-22981

Affected Products

BIG-IP