Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Opened: Oct 25, 2016 Severity: 3-Major
After rebooting with an HSM configured, you notice the first few handshakes fail, with the following error signature in /var/log/ltm: warning tmm3[13085]: 01260009:4: Connection error: info tmm3[13085]: 01260013:6: ssl_hs_vfy_sign_srvkeyxchg:9921: sign_srvkeyxchg (80) 1260013:6: SSL Handshake failed for TCP <src> -> <dest>
The initial SSL connections will fail, then normal operation will resume.
This occurs on the first few connections after reboot when an HSM is configured, and seems to occur if the device does not immediately pass traffic after reboot.
None.
None