Bug ID 674362: TMM crashes due to inconsistent SSL forward proxy state in two-unit SSLo deployment

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3

Fixed In:
13.1.0, 13.0.1

Opened: Jul 17, 2017

Severity: 2-Critical

Symptoms

A race condition between SSL forward proxy lookup forged certificate and the server SSL handshake could cause the invalid forge certificate state with a NULL hash algorithm, causing tmm panics.

Impact

TMM generates a core file. Traffic disrupted while tmm restarts.

Conditions

-- Two-unit SSLo deployment. -- Transparent or explicit proxy modes.

Workaround

There is no workaround at this time.

Fix Information

This race condition no longer occurs, so the issue no longer occurs.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips