Bug ID 574153: If an SSL client disconnects while data is being sent to the SSL client, the connection may stall until TCP timeout.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.4.0, 11.4.1, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.1.0, 11.6.1 HF2, 11.5.4 HF3

Opened: Feb 17, 2016

Severity: 2-Critical

Related Article: K47306383

Symptoms

If an SSL connection begins to disconnect gracefully at the same time as data is being encrypted by SSL acceleration hardware, the connection remains open until the TCP profile timeout occurs instead of being closed immediately. This can cause unwanted higher memory usage, possibly causing crashes elsewhere.

Impact

There is a potential for higher memory usage, which in turn may cause a TMM crash due to memory exhaustion, resulting in service disruption.

Conditions

* A virtual server with a ClientSSL or ServerSSL profile.
* BIG-IP SSL acceleration hardware.
* While an SSL record is being encrypted by SSL accelerator hardware, the SSL connection begins to close by a client TCP FIN or by any iRule command that closes the connection.

Workaround

If the affected SSL traffic does not include any long idle periods, memory consumption can be mitigated by reducing the idle timeout of the TCP or SCTP profile.

Fix Information

SSL connections now disconnect normally if a disconnect attempt occurs while data is being encrypted by SSL acceleration hardware.
