Bug ID 664528: SSL record can be larger than maximum fragment size (16384 bytes)

Last Modified: Jul 13, 2024

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0

Fixed In:

Opened: May 12, 2017

Severity: 3-Major

Related Article: K53282793


An SSL record containing handshake data can exceed the maximum fragment size of 16384 bytes because handshake data is not fragmented.


The SSL handshake fails with a client or server that properly checks the record size.


This usually happens when a large certificate or certificate chain is configured for server or client authentication.


Use a certificate that is smaller in size.

Fix Information

Properly fragment handshake data.
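
An added example, not F5's code or part of the original bug record: a check that walks the TLS record headers in a byte stream and flags plaintext handshake records longer than 16384 bytes, next to a sender that fragments the same handshake data correctly. The Certificate message with its 20000-byte filler body is constructed sample input, and all function names are hypothetical.

```python
import struct

MAX_FRAGMENT = 16384  # 2^14 bytes, the maximum fragment size named in this bug
HANDSHAKE = 22        # TLS record content type for handshake data
HEADER_LEN = 5        # content type (1) + protocol version (2) + length (2)

def iter_records(stream: bytes):
    """Yield (content_type, version, length, offset) for each record header.

    Only headers are read; a truncated final record body is still reported.
    """
    off = 0
    while off + HEADER_LEN <= len(stream):
        ctype, version, length = struct.unpack_from("!BHH", stream, off)
        yield ctype, version, length, off
        off += HEADER_LEN + length

def oversized_handshake_records(stream: bytes):
    """Return (offset, length) of unencrypted handshake records above the limit."""
    return [(off, length) for ctype, _, length, off in iter_records(stream)
            if ctype == HANDSHAKE and length > MAX_FRAGMENT]

def fragment_handshake(payload: bytes, version: int = 0x0303) -> bytes:
    """Split handshake bytes into records of at most MAX_FRAGMENT bytes each."""
    out = bytearray()
    for i in range(0, len(payload), MAX_FRAGMENT):
        chunk = payload[i:i + MAX_FRAGMENT]
        out += struct.pack("!BHH", HANDSHAKE, version, len(chunk)) + chunk
    return bytes(out)

def build_certificate_message(body_len: int) -> bytes:
    """Constructed sample: Certificate handshake message (type 11), filler body."""
    body = b"\x00" * body_len
    return b"\x0b" + len(body).to_bytes(3, "big") + body

# Constructed input: one large certificate chain, sent two ways.
msg = build_certificate_message(20000)
# Behaviour described in the bug: the whole message in a single record.
unfragmented = struct.pack("!BHH", HANDSHAKE, 0x0303, len(msg)) + msg
# Behaviour described under Fix Information: the same bytes split across records.
fragmented = fragment_handshake(msg)

if __name__ == "__main__":
    print("single record :", oversized_handshake_records(unfragmented))
    print("fragmented    :", oversized_handshake_records(fragmented))
    print("record lengths:", [r[2] for r in iter_records(fragmented)])
```
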

Behavior Change
