Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM, MA-VE, TMOS, vCMP
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
13.1.0, 12.1.3.2
Opened: Jun 08, 2017 Severity: 3-Major Related Article:
K53322151
When the BIG-IP system receives ClientHello messages in multiple fragments, and the first fragment length is less than 9 bytes, SSL might process it as a non-SSL packet.
SSL might process the first fragment as a non-SSL packet, and discard it, and then tear down the TCP connection.
-- The system receives ClientHello messages in multiple fragments. -- The first fragment length is less than 9 bytes.
None.
Now, if the system receives the ClientHello message in multiple fragments, and the first fragment is less than 9 bytes, the system waits for the whole SSL packet to arrive before processing it.