Bug ID 1024241: Empty TLS records from client to BIG-IP results in SSL session termination

Last Modified: Feb 02, 2023

Affected Product:
BIG-IP LTM (all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1

Opened: Jun 09, 2021
Severity: 2-Critical

Symptoms

After a client completes the TLS handshake with BIG-IP, if it then sends an empty TLS record (zero-length cleartext), the client-to-BIG-IP SSL connection is terminated.
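
For triage, the following added Python example (not F5 code and not part of the original report) walks the client-to-BIG-IP record stream taken from a capture and flags application_data records whose ciphertext length corresponds to zero-length cleartext. It assumes an AEAD cipher suite with the fixed per-record overheads listed in the code; the suite labels, helper names and sample bytes are constructed for illustration.

```python
import struct

APPLICATION_DATA = 23  # TLS ContentType value for application_data

# Ciphertext length of a record carrying zero bytes of plaintext, per AEAD
# construction. Assumption: the connection uses one of these; CBC suites differ.
EMPTY_RECORD_LEN = {
    "tls12-aes-gcm": 8 + 16,        # explicit nonce + GCM tag
    "tls12-chacha20-poly1305": 16,  # Poly1305 tag only
    "tls13-aead": 1 + 16,           # inner content-type byte + tag, no padding
}

def iter_records(stream: bytes):
    """Yield (offset, content_type, length) for each complete TLS record."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        if off + 5 + length > len(stream):
            break  # truncated capture: stop instead of reading past the end
        yield off, ctype, length
        off += 5 + length

def find_empty_app_records(stream: bytes, suite: str):
    """Return offsets of application_data records that hold no plaintext."""
    empty_len = EMPTY_RECORD_LEN[suite]
    return [off for off, ctype, length in iter_records(stream)
            if ctype == APPLICATION_DATA and length == empty_len]

def record(ctype: int, body: bytes) -> bytes:
    """Build a constructed sample record (version field 0x0303)."""
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body

# Constructed sample: post-handshake client bytes on a TLS 1.2 AES-GCM session.
SAMPLE = (
    record(23, b"\x00" * (24 + 40))  # record with 40 bytes of plaintext
    + record(23, b"\x00" * 24)       # record with zero-length plaintext
    + record(21, b"\x00" * 26)       # encrypted alert
)

if __name__ == "__main__":
    for off in find_empty_app_records(SAMPLE, "tls12-aes-gcm"):
        print(f"empty application_data record at stream offset {off}")
```

A flagged record immediately before the connection drops on an affected platform is consistent with the symptom described above.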

Impact

TLS clients see their SSL connections terminated.

Conditions

This is reported on the i7800, which has an Intel QAT crypto device. The issue was not reported on Nitrox crypto-based BIG-IP platforms. The issue is not seen when hardware crypto is disabled.

Workaround

Disable hardware crypto acceleration.

Fix Information

None

Behavior Change