Bug ID 425032: Connection hangs with AES and DES ciphers and option "Don't insert empty fragments" disabled

Last Modified: Nov 14, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.4.1

Fixed In:
11.5.0

Opened: Jul 11, 2013
Severity: 3-Major
Related Article:
K16141

Symptoms

Connection hangs with AES and DES ciphers and option "Don’t insert empty fragments" disabled. The connection with AES256-SHA is hanging when using SSLv3 or TLSv1.0.

Impact

connection hangs

Conditions

This issue happens specifically when option "Don’t insert empty fragments" is disabled. client: openssl server: apache.

Workaround

None

Fix Information

Do not send empty fragment for TLS 1.1 and 1.2 on block ciphers. Only send empty fragment when we are going to send any egress data.

Behavior Change