Bug ID 644873: ssldump can fail to decrypt captures with certain TCP segmenting

Last Modified: Mar 21, 2019

Affected Product:
BIG-IP LTM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0, 12.1.3

Opened: Feb 14, 2017
Severity: 3-Major
Related AskF5 Article:
K97237310

Symptoms

ssldump fails to decrypt a capture. In rare circumstances, ssldump can crash. The ssldump might display output similar to the following:

1 25 0.4781 (0.0000) S>CShort record
Unknown SSL content type 224
1 26 0.4781 (0.0000) S>CShort record
Unknown SSL content type 142
...
1 30 0.4781 (0.0000) S>CShort record
1 31 0.6141 (0.1359) S>CV231.213(45857) application_data

Impact

ssldump can fail to fully decrypt the capture starting at the frame where the SSL record spans a TCP segment. Depending on the remaining data in the TCP stream, ssldump can crash.

Conditions

ssldump is decrypting traffic where an SSL record header spans TCP segments.
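
The condition above, as an added example (not code from F5 or from ssldump): a TLS record parser that treats each TCP segment as starting on a record boundary reports a short record and a bogus content type when the 5-byte record header is split, while one that carries leftover bytes across segments does not. All function names and the sample bytes are constructed for illustration.

```python
import struct

HEADER_LEN = 5  # content type (1) + version (2) + length (2)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def parse_records(buf):
    """Parse complete TLS records; return (records, leftover bytes)."""
    records, pos = [], 0
    while len(buf) - pos >= HEADER_LEN:
        ctype, _version, length = struct.unpack_from("!BHH", buf, pos)
        if len(buf) - pos - HEADER_LEN < length:
            break  # body incomplete: wait for more data
        records.append((CONTENT_TYPES.get(ctype, "unknown(%d)" % ctype), length))
        pos += HEADER_LEN + length
    return records, buf[pos:]

def per_segment(segments):
    """Naive: assume every TCP segment starts on a record boundary."""
    out = []
    for seg in segments:
        recs, left = parse_records(seg)
        out.extend(recs)
        if left:  # a partial header or body is dropped, desynchronising the parse
            out.append(("short record", len(left)))
    return out

def reassembled(segments):
    """Carry leftover bytes into the next segment so a split header is rejoined."""
    out, pending = [], b""
    for seg in segments:
        recs, pending = parse_records(pending + seg)
        out.extend(recs)
    return out

def record(ctype, body):
    """Build one TLS 1.2 record (constructed test data, body is opaque bytes)."""
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body

# Constructed sample: two application_data records; the TCP segment boundary
# falls 4 bytes into the second record's header.
stream = record(23, bytes(8)) + record(23, bytes.fromhex("e08e0002aabb"))
SEGMENTS = [stream[:17], stream[17:]]

if __name__ == "__main__":
    print("per-segment :", per_segment(SEGMENTS))
    print("reassembled :", reassembled(SEGMENTS))
```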

Workaround

None.

Fix Information

ssldump now successfully decrypts a capture, so ssldump no longer crashes.

Behavior Change