Bug ID 725696: A timer loop might occur when OCSP Stapling is enabled resulting in tmm getting aborted

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 14.0.0, 14.0.0.1, 14.0.0.2

Fixed In:
14.1.0, 14.0.0.3, 13.1.1.2

Opened: Jun 26, 2018

Severity: 2-Critical

Symptoms

When OCSP Stapling is enabled on a client SSL profile, certain uncommon operations might result in a tmm timer queue getting into a loop, which results in tmm being aborted by sod. tmm restart

Impact

tmm restarts. Traffic interrupted while tmm restarts.

Conditions

-- There are SSL handshakes waiting for an OCSP response, and one of the following: + There is a CMP transition. + There are changes made to the OCSP object.

Workaround

There is no workaround other than disabling OCSP stapling.

Fix Information

The timer issue has been corrected.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips