Bug ID 676028: SSL forward proxy bypass may fail to release memory used for ssl_hs instances

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3

Fixed In:
13.1.0, 13.0.1, 12.1.3.4

Opened: Jul 28, 2017
Severity: 2-Critical
Related AskF5 Article:
K09689143

Symptoms

TMM leaks memory used for ssl_hs instances when using SSL forward proxy when bypass is enabled.

Impact

TMM will core after running out of memory, which impacts availability.

Conditions

-- The leak can be triggered by iRules, where a duplicate forward proxy lookup is initiated and interferes with the initial asynchronous lookup. -- SSL Forward Proxy with SSL Forward Proxy Bypass are enabled.

Workaround

None.

Fix Information

Resolved by preventing duplicate forward proxy lookup.

Behavior Change