Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP LTM, TMOS
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1
Fixed In:
14.0.0, 13.1.1.2, 12.1.3.7
Opened: Oct 27, 2017 Severity: 3-Major Related Article:
K59327001
Node Server rejects received-and-incomplete ClientHello message and connection terminates.
With Session Persistence enabled -- The parser fails to reassemble fragmented ClientHello messages prior to passing it on to the backend server. -- As a result, the backend server responds as if it has received an incomplete ClientHello message, rejects the handshake, and terminates the connection.
This occurs when the following conditions are met: -- SSL Persistence is enabled. -- There is no ClientSSL and ServerSSL profile. -- The BIG-IP device receives fragments of a ClientHello message (typically, 11 bytes each) from an SSL front-end client.
The issue disappears when SSL Persistence is disabled.
None