Bug ID 693994: F5 VPN or Edge Client may drop DTLS and use TLS if DTLS packet reordering happens

Last Modified: Sep 13, 2023

Affected Product(s):
APM-Clients APM(all modules)

Fixed In:
13.0.1

Opened: Nov 11, 2017

Severity: 3-Major

Related Article: K11043437

Symptoms

F5 VPN or Edge Client may drop DTLS and use TLS if DTLS packet reordering happens. Only Mac and Linux clients are affected. Messages in the svpn log indicate a bad HTTP header, for example:

2017-10-18,20:20:37:764, 56666,2126506,svpn, 1, /UHTTPChannel.cpp, 414, UHTTPChannel::beginConnection(), EXCEPTION - Could not parse HTTP header.
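To check a client's svpn log for this symptom, the following added example (not F5 code) parses log lines and reports each occurrence of the header-parse exception quoted above. The ten-field comma layout is an assumption inferred from that single quoted line, and every sample line other than the quoted one is constructed.

```python
from datetime import datetime

# Signature taken from the log line quoted in the Symptoms section.
SIG_FUNC = "UHTTPChannel::beginConnection()"
SIG_MSG = "Could not parse HTTP header"

# Constructed sample: lines 1 and 4 reuse the quoted signature (line 4 with a
# made-up timestamp); lines 2 and 3 are invented to exercise the parser.
SAMPLE = """\
2017-10-18,20:20:37:764, 56666,2126506,svpn, 1, /UHTTPChannel.cpp, 414, UHTTPChannel::beginConnection(), EXCEPTION - Could not parse HTTP header.
2017-10-18,20:20:38:001, 56666,2126506,svpn, 48, /Example.cpp, 10, Example::run(), constructed line, with a comma
not a log line
2017-10-18,20:25:02:120, 56666,2126506,svpn, 1, /UHTTPChannel.cpp, 414, UHTTPChannel::beginConnection(), EXCEPTION - Could not parse HTTP header.
"""


def parse_line(line):
    """Split one svpn log line; return None if it does not fit the assumed layout."""
    # Assumed layout: date, time, two numeric ids, component, level,
    # source file, source line, function, message (message may contain commas).
    parts = [p.strip() for p in line.split(",", 9)]
    if len(parts) != 10:
        return None
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S:%f")
    except ValueError:
        return None
    return {"time": ts, "component": parts[4], "file": parts[6],
            "function": parts[8], "message": parts[9]}


def find_header_parse_failures(text):
    """Return parsed records that match the exception signature from this bug."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["function"] == SIG_FUNC and SIG_MSG in rec["message"]:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for rec in find_header_parse_failures(SAMPLE):
        print(rec["time"].isoformat(), rec["file"], rec["message"])
```

A match shows only that the logged exception occurred; whether the session is running over TLS instead of DTLS still has to be confirmed separately.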

Impact

UDP packet reordering happens at a specific point of PPP negotiation. TLS is used instead of DTLS.

Conditions

-- F5 VPN or Edge Client is used.
-- Linux or Mac clients.

Workaround

None.

Fix Information

Previously, clients connecting via F5 VPN or Edge Client on Mac or Linux using DTLS might switch to TLS if DTLS packet reordering occurred. Now, Mac and Linux Edge Clients can handle UDP packet reordering and continue to use DTLS.

Behavior Change
