Last Modified: Oct 15, 2025
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2, 17.1.3, 17.5.1, 17.5.1.2, 17.5.1.3
Opened: Aug 19, 2025 Severity: 4-Minor
Under certain conditions, LTM logs on a Standby unit might display messages such as below: Jul 11 17:12:39 localhost.localdomain warning tmm[13055]: 01260009:4: (null connflow): Connection error: ssl_basic_crypto_cb:703: alert(20) Decryption error Jul 11 17:12:39 localhost.localdomain warning tmm[13055]: 01260009:4: 10.1.1.1:443 -> 10.1.1.12:61412: Connection error: hud_ssl_handler:2196: alert(20) codec alert Jul 11 17:12:39 localhost.localdomain warning tmm[13055]: 01260013:4: SSL Handshake failed for TCP 10.1.1.1:443 -> 10.1.1.2:61412
Some mirrored connections (from Active to Standby unit) may fail to be correctly decrypted at the Standby device
-- Device group with more than 1 unit (ie, not Standalone) -- Mirroring configured correctly (as per K17391) -- Virtual server with serverssl profile and mirroring -- Serverssl profile configured with support for session-resumption (see K6767 for more info on session-resumption) -- SSL session resumption actually takes place -- Timing also appears to be involved (quick session resumption is used)
Disable SSL session resumption on the serverssl profile
None