Bug ID 664528: SSL record can be larger than maximum fragment size (16384 bytes)

Last Modified: Oct 06, 2020

Affected Product:
BIG-IP LTM (all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0

Fixed In:

Opened: May 12, 2017
Severity: 3-Major
Related AskF5 Article:


Symptoms

An SSL record containing handshake data can exceed the maximum fragment size of 16384 bytes because handshake data is not fragmented.

Impact

The SSL handshake fails with a client or server that properly checks the record size.

Conditions

This usually happens when a large certificate or certificate chain is configured for server or client authentication.

Workaround

Use a certificate that is smaller in size.

Fix Information

Properly fragment handshake data.
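
The record-size check a strict peer applies, and the fragmentation the fix describes, as an added example (not F5's code). It assumes plaintext handshake records as sent before encryption is enabled; the function names and the 20000-byte sample message are constructed for illustration.

```python
import struct

MAX_FRAGMENT = 2 ** 14  # 16384: TLSPlaintext.length limit (RFC 5246, 6.2.1)
HANDSHAKE = 22          # record content type: handshake
CERTIFICATE = 11        # handshake message type: Certificate

def parse_records(stream):
    """Split a byte stream into (content_type, version, fragment) records."""
    records, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, version, length = struct.unpack_from("!BHH", stream, pos)
        fragment = stream[pos + 5:pos + 5 + length]
        if len(fragment) != length:
            raise ValueError("truncated record body")
        records.append((ctype, version, fragment))
        pos += 5 + length
    return records

def oversized(stream):
    """Lengths of plaintext records that a size-checking peer would reject."""
    return [len(f) for _, _, f in parse_records(stream) if len(f) > MAX_FRAGMENT]

def unfragmented(msg, version=0x0303):
    """Behaviour described in this bug: whole handshake message in one record."""
    return struct.pack("!BHH", HANDSHAKE, version, len(msg)) + msg

def fragmented(msg, version=0x0303):
    """Fix: split the handshake message across records of at most 2^14 bytes."""
    out = b""
    for i in range(0, len(msg), MAX_FRAGMENT):
        chunk = msg[i:i + MAX_FRAGMENT]
        out += struct.pack("!BHH", HANDSHAKE, version, len(chunk)) + chunk
    return out

def reassemble(stream):
    """Concatenate handshake fragments, as the receiving peer does."""
    return b"".join(f for t, _, f in parse_records(stream) if t == HANDSHAKE)

# Constructed sample: a Certificate handshake message with a 20000-byte body
# standing in for a large certificate chain (not real certificate data).
body = bytes(20000)
SAMPLE_MSG = bytes([CERTIFICATE]) + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    print("unfragmented oversize records:", oversized(unfragmented(SAMPLE_MSG)))
    print("fragmented oversize records:  ", oversized(fragmented(SAMPLE_MSG)))
```

Running `oversized()` over the handshake bytes of a capture gives a quick way to confirm whether a failing handshake matches this bug.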

Behavior Change