Last Modified: Sep 16, 2025
Affected Product(s):
BIG-IP Install/Upgrade, TMOS
Known Affected Versions:
17.1.2, 17.1.2.1, 17.1.2.2
Opened: Jan 22, 2025 Severity: 3-Major
A TLS1.3 connection between the BIG-IP system and the server hangs. Other reported symptoms: -- SSL decryption fails -- SSL handshake failure -- SSL Orchestrator explicit proxy stops responding This can be encountered after an upgrade to an affected version.
The connection hangs and the client is unable to connect to the server.
A virtual server that uses 1. TLS1.3 in the serverSSL profile 2. An APM policy that uses events that trigger after the SSL handshake on the server has completed In an SSL Orchestrator setting, inline HTTP and ICAP services make use of APM policies that use L7 protocol lookup. Server Certificate and L7 protocol lookup conditions also make use of events that trigger the APM policy after the SSL handshake has completed.
Apply either of these workarounds 1. Disable TLS1.3 on the serverSSL profile 2. Avoid using events that trigger the policy after the SSL handshake on the server has completed (for example avoid Event Wait and L7 protocol Lookup)
None