Bug ID 818109: Certain plaintext traffic may cause SSL Orchestrator to hang

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2

Fixed In:
16.0.0,, 14.1.4

Opened: Aug 27, 2019

Severity: 3-Major


After upgrading SSL Orchestrator to version 5.x, traffic gets reset, SSL Orchestrator hangs, and tcpdump analysis indicates that connections are being reset due to SSL handshake timeout exceeded.


SSL Orchestrator hangs on that connection, unable to bypass traffic until the connection times out. Other connections handle traffic during this interval.


-- SSL Orchestrator configured. -- Initial plaintext traffic resembles SSLv2 hello message or has less-than-enough bytes for SSL to process.



Fix Information

This release adds a db variable to enable/disable SSLv2 hello parsing. It is called tmm.ssl.v2compatibility and is disabled by default.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips