Bug ID 693994: F5 VPN or Edge Client may drop DTLS and use TLS if DTLS packet reordering happens

Last Modified: Apr 10, 2019

Affected Product:
APM-Clients APM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3

Fixed In:
13.0.1

Opened: Nov 11, 2017
Severity: 3-Major
Related AskF5 Article:
K11043437

Symptoms

F5 VPN or Edge Client may drop DTLS and use TLS if DTLS packet reordering happens. Only Mac and Linux clients are affected. Messages in the svpn log indicate a bad HTTP header, for example:

2017-10-18,20:20:37:764, 56666,2126506,svpn, 1, /UHTTPChannel.cpp, 414, UHTTPChannel::beginConnection(), EXCEPTION - Could not parse HTTP header.
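To check whether a Mac or Linux client on an affected version has hit this symptom, the svpn log can be scanned for the message quoted above. The following is an added example, not F5 code: the field names are assumptions inferred from the single log line on this page, and every sample line except the first is constructed.

```python
from collections import Counter
from datetime import datetime

# Signature and function name come from the log line quoted in Symptoms.
SIGNATURE = "Could not parse HTTP header"
FUNCTION = "UHTTPChannel::beginConnection()"
# Field names are assumptions inferred from that single line.
FIELDS = ("date", "time", "id1", "id2", "component", "level",
          "source_file", "source_line", "function", "message")

def parse_svpn_line(line):
    """Split one svpn log line into named fields; None if it does not fit."""
    # maxsplit keeps any commas inside the free-text message intact.
    parts = [p.strip() for p in line.split(",", len(FIELDS) - 1)]
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        # Milliseconds follow a colon, e.g. 20:20:37:764.
        rec["timestamp"] = datetime.strptime(
            f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S:%f")
    except ValueError:
        return None
    return rec

def find_header_parse_failures(lines):
    """Return parsed records that match the symptom from this bug entry."""
    hits = []
    for line in lines:
        rec = parse_svpn_line(line)
        if (rec and rec["component"] == "svpn"
                and rec["function"] == FUNCTION
                and SIGNATURE in rec["message"]):
            hits.append(rec)
    return hits

def failures_per_day(hits):
    """Count matches per calendar day to spot recurring fallbacks."""
    return Counter(rec["date"] for rec in hits)

# First line is quoted from the page; the rest are constructed samples.
SAMPLE_LOG = [
    "2017-10-18,20:20:37:764, 56666,2126506,svpn, 1, /UHTTPChannel.cpp, 414, UHTTPChannel::beginConnection(), EXCEPTION - Could not parse HTTP header.",
    "2017-10-18,20:20:38:002, 56666,2126506,svpn, 48, /Constructed.cpp, 10, Constructed::example(), constructed line, with a comma",
    "2017-10-19,08:01:12:010, 57001,2200001,svpn, 1, /UHTTPChannel.cpp, 414, UHTTPChannel::beginConnection(), EXCEPTION - Could not parse HTTP header.",
    "truncated or unrelated text",
]
```

A match is an indicator to follow up on, not proof of fallback: confirm the client version against the affected list and check whether the session is running over TLS instead of DTLS.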

Impact

UDP packet reordering happens at a specific point of PPP negotiation. TLS is used instead of DTLS.

Conditions

-- F5 VPN or EdgeClient is used.
-- Linux or Mac clients.

Workaround

None.

Fix Information

Previously, clients connecting via F5 VPN or Edge Client on Mac or Linux using DTLS might switch to TLS if DTLS packet reordering occurred. Now, Mac and Linux Edge Clients can handle UDP packet reordering and continue to use DTLS.

Behavior Change