Bug ID 425032: Connection hangs with AES and DES ciphers and option "Don't insert empty fragments" disabled

Last Modified: Nov 14, 2022

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.4.1

Fixed In:
11.5.0

Opened: Jul 11, 2013

Severity: 3-Major

Related Article: K16141

Symptoms

Connection hangs with AES and DES ciphers and option "Don’t insert empty fragments" disabled. The connection with AES256-SHA is hanging when using SSLv3 or TLSv1.0.

Impact

connection hangs

Conditions

This issue happens specifically when option "Don’t insert empty fragments" is disabled. client: openssl server: apache.

Workaround

None

Fix Information

Do not send empty fragment for TLS 1.1 and 1.2 on block ciphers. Only send empty fragment when we are going to send any egress data.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips