Bug ID 625565: SSL error message is missing important information

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0

Opened: Oct 28, 2016

Severity: 3-Major

Symptoms

If a SSL error occurs while running the iqsh utility or when BIG-IP DNS/GTM attempts to establish an SSL connection, then the system will dump certain pieces of information about the attempted connection but won't include the return code from OpenSSL (which indicates what the error actually was).

Impact

The SSL connection has already failed by the time this error is displayed. Without the additional return code information it may be difficult to diagnose why the failure occurred.

Conditions

An SSL error occurs while running the iqsh utility or when BIG-IP DNS/GTM attempts to establish an ssl connection.

Workaround

There is no workaround at this time.

Fix Information

The error code is output as a string indicating which of the defined errors occurred. See 'man SSL_get_error' for details on what each code means.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips