Bug ID 727292: SSL in proxy shutdown case does not deliver server TCP FIN

Last Modified: Sep 13, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1

Fixed In:
14.1.0, 13.1.1.5, 12.1.5

Opened: Jul 09, 2018
Severity: 3-Major

Symptoms

Connection is not torn down.

Impact

Potential resource exhaustion.

Conditions

HTTPS server disconnects connection when in handshake.

Workaround

You can mitigate this condition in either of the following ways: -- Wait for system to clean up lingering connections. -- Use tmsh to clean up connections. (Note: Sometimes this might not work as expected depending on conditions.) -- If this happens on the config-sync channel, use a different self-ip for config-sync on the affected device.

Fix Information

SSL server side handles this error situation by sending out all remaining egress data and sending a shutdown signal to lower filters.

Behavior Change