Bug ID 676028: SSL forward proxy bypass may fail to release memory used for ssl_hs instances

Last Modified: May 14, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3

Fixed In:
13.1.0, 13.0.1, 12.1.3.4

Opened: Jul 28, 2017
Severity: 2-Critical
Related AskF5 Article:
K09689143

Symptoms

TMM leaks memory used for ssl_hs instances when using SSL forward proxy when bypass is enabled.

Impact

TMM will core after running out of memory, which impacts availability.

Conditions

The leak can be triggered by iRules, where a duplicate forward proxy lookup is initiated and interferes with the initial asynchronous lookup.

Workaround

None.

Fix Information

Resolved by preventing duplicate forward proxy lookup.

Behavior Change