Bug ID 818109: Certain plaintext traffic may cause SSL Orchestrator to hang

Last Modified: Oct 26, 2020

Affected Product:
BIG-IP LTM (all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1

Fixed In:
16.0.0

Opened: Aug 27, 2019
Severity: 3-Major

Symptoms

After upgrading SSL Orchestrator to version 5.x, traffic is reset and SSL Orchestrator hangs. tcpdump analysis indicates that connections are being reset because the SSL handshake timeout was exceeded.

Impact

SSL Orchestrator hangs on that connection, unable to bypass traffic until the connection times out. Other connections handle traffic during this interval.

Conditions

-- SSL Orchestrator is configured.
-- Initial plaintext traffic resembles an SSLv2 hello message, or has too few bytes for SSL to process.
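
The two traffic conditions above, as an added example (not F5 code and not part of the original bug report): a classifier for the first client payload of a captured flow, useful when triaging which connections fit the conditions. The matching rules follow the public SSLv2 and TLS record layouts and are assumptions about how a detector might decide; the function names and sample bytes are constructed for illustration.

```python
import struct

def classify_first_bytes(data: bytes) -> str:
    """Label the first client payload of a connection (assumed heuristics)."""
    if not data:
        return "short"
    if data[0] == 0x16:                      # TLS record, content type handshake
        if len(data) < 3:
            return "short"                   # version bytes not yet received
        return "tls" if data[1] == 0x03 and data[2] <= 0x04 else "plaintext"
    if data[0] & 0x80:                       # SSLv2 two-byte record header
        if len(data) < 3:
            return "short"
        if data[2] != 0x01:                  # message type is not CLIENT-HELLO
            return "plaintext"
        if len(data) < 11:
            return "short"                   # fixed hello fields incomplete
        rec_len = ((data[0] & 0x7F) << 8) | data[1]
        version, cs_len, sid_len, chal_len = struct.unpack_from(">HHHH", data, 3)
        consistent = (
            (version == 0x0002 or version >> 8 == 0x03)
            and cs_len > 0 and cs_len % 3 == 0
            and sid_len in (0, 16)
            and 16 <= chal_len <= 32
            and rec_len == 9 + cs_len + sid_len + chal_len
        )
        return "sslv2-hello" if consistent else "sslv2-lookalike"
    return "plaintext"

# Labels that correspond to the two traffic conditions listed above.
REVIEW = {"sslv2-lookalike", "short"}

# Constructed sample payloads (not taken from any capture).
SAMPLES = {
    "tls_client_hello": bytes.fromhex("16030100c8010000c40303"),
    "sslv2_client_hello": bytes.fromhex("801c0100020003000000100700c0") + bytes(range(16)),
    "binary_plaintext": bytes.fromhex("8a4501") + b"binary-protocol",
    "truncated": bytes.fromhex("801c010002"),
    "http": b"GET / HTTP/1.1\r\n",
}

def triage(samples: dict) -> dict:
    """Return {name: (label, needs_review)} for each first payload."""
    out = {}
    for name, payload in samples.items():
        label = classify_first_bytes(payload)
        out[name] = (label, label in REVIEW)
    return out
```

Flows labelled "sslv2-lookalike" or "short" are the ones to compare against the handshake-timeout resets seen in tcpdump.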

Workaround

None.

Fix Information

This release adds a db variable to enable/disable SSLv2 hello parsing.

Behavior Change