Last Modified: May 14, 2019
See more info
BIG-IP LTM, TMOS, vCMP, VE
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 188.8.131.52, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Opened: Jun 08, 2017
Related AskF5 Article: K53322151
When the BIG-IP system receives ClientHello messages in multiple fragments, and the first fragment length is less than 9 bytes, SSL might process it as a non-SSL packet.
SSL might process the first fragment as a non-SSL packet, and discard it, and then tear down the TCP connection.
-- The system receives ClientHello messages in multiple fragments. -- The first fragment length is less than 9 bytes.
Now, if the system receives the ClientHello message in multiple fragments, and the first fragment is less than 9 bytes, the system waits for the whole SSL packet to arrive before processing it.