Bug ID 554593: SSL might report a memory leak in a specific configuration.

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP All(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.1.0, 12.0.0 HF3

Opened: Oct 27, 2015

Severity: 3-Major

Related Article: K30092425

Symptoms

In the output of 'tmsh show sys memory', the 'ssl' and 'work' memory usage is growing and not seen to free memory.

Impact

The memory usage grows, and the system might eventually be out of memory.

Conditions

SSL has memory leak when peer sent a certificate chain (Root-Intermediate-Leaf) but the BIG-IP system's SSL configuration has only Root certificate configured as a trusted CA.

Workaround

To work around this, configure SSL to trust all 'intermediate CAs' and 'root CA' certs, not just 'root CA' certs.

Fix Information

This release fixes the SSL memory leak that occurred when the peer sent a certificate chain (Root-Intermediate-Leaf) but the BIG-IP system's SSL configuration has only Root certificate configured as a trusted CA.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips