Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP DNS, GTM
Known Affected Versions:
13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 16.0.0, 16.0.0.1, 16.0.1
Fixed In:
16.1.0, 16.0.1.1, 15.1.2, 14.1.2.7, 13.1.3.6
Opened: Jun 16, 2020 Severity: 2-Critical
The GTM/DNS HTTPS monitor may fail to find the configured receive string in a HTTP response, causing the monitored service to be incorrectly marked down.
A service is incorrectly marked down. This can cause the BIG-IP GTM/DNS to return a suboptimal answer or no answer at all to DNS queries.
This issue occurs when all of the following conditions are true: -- The server being monitored performs an unclean shutdown of the SSL session (the underlying TCP connection is closed without first issuing a close notify alert at the SSL level). -- The server's HTTP response does not terminate with a newline.
This issue can be worked around by performing any one of the following actions: -- Ensure the server issues a close notify alert before it closes the underlying TCP connection. -- Ensure the server's HTTP response ends with a newline.
The GTM/DNS HTTPS monitor no longer fails when the SSL peer performs an unclean shutdown.