Last Modified: Apr 17, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4
Fixed In:
17.0.0
Opened: May 07, 2021 Severity: 3-Major
Eight-second delays occur on traffic through an SSL connection mirroring virtual server, and errors occur on the standby device: crit tmm7[11598]: 01010025:2: Device error: crypto codec Couldn't create an OpenSSL EC group object OpenSSL error:0906D06C:PEM err tmm7[11598]: 01010282:3: Crypto codec error: sw_crypto-7 Couldn't initialize the elliptic curve parameters. crit tmm7[11598]: 01010025:2: Device error: crypto codec No codec available to initialize request context.
SSL traffic is significantly delayed and errors are thrown on the standby device.
All of these conditions: -- SSL connection mirroring enabled -- Session tickets are enabled -- High availability (HA) environment and one of the following: -- Running BIG-IP v14.1.4.1 or above (in the v14.1.x branch) or -- Engineering hotfix applied to v14.x/v15.x that has the ID760406 fix (see https://cdn.f5.com/product/bugtracker/ID760406.html)
Any one of the following could prevent the problem. -- client-ssl profile cache-size 0. -- client-ssl profile session-ticket disabled (default). -- disable SSL connection mirror on virtual server.
None