Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP All
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2
Fixed In:
12.1.0, 12.0.0 HF3
Opened: Oct 27, 2015 Severity: 3-Major Related Article:
K30092425
In the output of 'tmsh show sys memory', the 'ssl' and 'work' memory usage is growing and not seen to free memory.
The memory usage grows, and the system might eventually be out of memory.
SSL has memory leak when peer sent a certificate chain (Root-Intermediate-Leaf) but the BIG-IP system's SSL configuration has only Root certificate configured as a trusted CA.
To work around this, configure SSL to trust all 'intermediate CAs' and 'root CA' certs, not just 'root CA' certs.
This release fixes the SSL memory leak that occurred when the peer sent a certificate chain (Root-Intermediate-Leaf) but the BIG-IP system's SSL configuration has only Root certificate configured as a trusted CA.