Bug ID 499946: Nitrox might report bad records on highly fragmented SSL records

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.1, 11.5.2, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.6.0 HF5, 11.5.3

Opened: Jan 07, 2015

Severity: 3-Major

Related Article: K16801

Symptoms

When using an AES-GCM cipher on highly fragmented SSL records, platforms with Cavium Nitrox cards might report Bad records.

Impact

The BIG-IP system disconnects Client SSL connections prematurely. The SSL profile shows a number of Bad records.

Conditions

The negotiated cipher is one of the AES-GCM ciphers, and the MTU is such that the SSL records are highly fragmented.

Workaround

None.

Fix Information

The processing buffers reserve the proper number of subsequent parameters.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips