Bug ID 562886: If HSM connectivity is lost, ssl can consume a lot of memory

Last Modified: Jan 16, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.1.0, 11.6.2, 11.5.5

Opened: Dec 14, 2015

Severity: 2-Critical

Symptoms

If network HSM is in use, and the connections is lost, SSL can consume all of the system memory and tmm can core.

Impact

Performance and memory pressure; Traffic disrupted while tmm restarts.

Conditions

Network HSM is used but the connection is lost

Workaround

None.

Fix Information

The number of outstanding SSL handshakes is capped, thus the total memory used is capped so this condition will no longer cause a tmm crash.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips