Bug ID 676028: SSL forward proxy bypass may fail to release memory used for ssl_hs instances

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3

Fixed In:
13.1.0, 13.0.1,

Opened: Jul 28, 2017
Severity: 2-Critical
Related AskF5 Article:


TMM leaks memory used for ssl_hs instances when using SSL forward proxy when bypass is enabled.


TMM will core after running out of memory, which impacts availability.


-- The leak can be triggered by iRules, where a duplicate forward proxy lookup is initiated and interferes with the initial asynchronous lookup. -- SSL Forward Proxy with SSL Forward Proxy Bypass are enabled.



Fix Information

Resolved by preventing duplicate forward proxy lookup.

Behavior Change