Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1
Fixed In:
13.0.0, 12.1.2, 11.6.1 HF2
Opened: Jun 26, 2016 Severity: 3-Major Related Article:
K21331842
Using certain iRules on virtual servers with OCSP Stapling enabled on the Client SSL profile might cause OCSP requests to be reissued, resulting in a memory leak. You may notice warning messages similar to the following in /var/log/ltm: warning tmm[11300]: 011e0003:4: Aggressive mode sweeper: /Common/default-eviction-policy (0) (global memory) 115 Connections killed.
TMM memory used increases gradually, eventually the aggressive mode sweeper is activated.
This occurs when the following conditions are met: -- Virtual server with OCSP Stabling enabled. -- iRule attached to the virtual server that uses SSL::renegotiate.
None.
Using certain iRules on virtual servers with OCSP Stapling enabled on the Client SSL profile no longer causes OCSP requests to be reissued, so there is no associated memory leak.