Last Modified: May 29, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5
Fixed In:
16.0.0, 15.1.5.1, 14.1.4.1
Opened: Mar 04, 2019 Severity: 3-Major
A BIG-IP system in a high availability (HA) configuration might exhibit slow performance in handling TLS/SSL traffic and experience 'SSL handshake timeout' errors. Messages such as the following can appear in the "ltm" log: 01260009:4: Connection error: hud_ssl_handler:1554: codec alert (20)
-- In Scenario 1, the sync operations causes the session cache to be out-of-sync between active and standby nodes. -- In Scenario 2, the save operation clears the session cache on the standby node. As a result, the session cache might be out-of-sync between active and standby nodes. In either Scenario: -- SSL Connection mirroring fails and posts the timeout message. -- The high availability (HA) system performance becomes degraded due to SSL connection timeout.
This might occur in either of the following scenarios: Scenario 1 -- Manual sync operations are performed during while traffic is being passed. -- SSL Connection mirroring is enabled. Scenario 2 -- Saving configuration on an high availability (HA) Standby node during while traffic is being passed. -- SSL Connection mirroring is enabled.
-- Disable SSL session caching by setting 'Cache Size' in the client SSL profile option to 0. -- Set device management sync type to Automatic with incremental sync.
N/A