Last Modified: Nov 07, 2022
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3
Opened: Nov 11, 2017 Severity: 3-Major Related Article:
Related Article: K11043437
F5 VPN or Edge Client may drop DTLS and use TLS if DTLS packet reordering happens. Only Mac and Linux clients are affected. Messages in svpn log indicate bad HTTP header, for example: 2017-10-18,20:20:37:764, 56666,2126506,svpn, 1, /UHTTPChannel.cpp, 414, UHTTPChannel::beginConnection(), EXCEPTION - Could not parse HTTP header.
UDP packet reordering happens at a specific point of PPP negotiation. TLS is used instead of DTLS.
-- F5 VPN or EdgeClient is used. -- Linux or Mac clients.
Previously, clients connecting via F5 VPN or Edge Client on Mac or Linux using DTLS might switch to TLS if DTLS packet reordering occurred. Now, Mac and Linux Edge Clients can handle UDP packet reordering and continue to use DTLS.