Forum Discussion

boneyard's avatar
Dec 11, 2014

issue with default server ssl profile, TCP RSTs sent by BIG-IP

ok, weird situation, anyone seen this before?

Virtual server listening on 443 with client and server SSL profiles. When I use a debug profile (cipher: NONE:RC4+RSA) everything is fine. When I use the default server SSL profile, parts of the website don't load. When I look at packet captures I see the BIG-IP is actively RSTing connections to the pool member with the default server SSL profile. This appears to happen when the response is larger than a few packets, so some of the traffic gets through, but not everything.

I assume there is some issue with the SSL on the pool member, but how can I explain that it works until the amount of data sent by the pool member becomes "too" large? Why does the BIG-IP send a reset on this?

The BIG-IP version is too low to enable reset packet logging :(

  • This turned out to be related to:

    bug 224279 - Previously, if HTTP version responses were split across multiple packets, the connection could stall. This issue has been corrected.

    which was caused by the client side BEAST mitigation based on (1/n-1) record splitting.
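To illustrate the failure mode behind the bug above, here is an added example (not code from the thread or from F5): it simulates the 1/n-1 TLS record split that BEAST mitigation applies to application data and shows why an HTTP parser that checks the version on the first received record alone stalls, while one that buffers until the status line is complete does not. The sample response and the two parsers are constructed for the example.

```python
# Added example (not from the original thread): simulate 1/n-1 record
# splitting and compare a per-record HTTP version check with a buffering one.

def split_1_n_minus_1(plaintext: bytes) -> list:
    """Record payloads a 1/n-1 splitting sender emits for one write:
    a 1-byte record followed by the remaining n-1 bytes."""
    if len(plaintext) <= 1:
        return [plaintext]
    return [plaintext[:1], plaintext[1:]]


def naive_version_check(records):
    """Buggy pattern: decide on the first record alone.
    Returns the HTTP version string if found, else None (the 'stall' case:
    the first record is just b'H', so the check never succeeds)."""
    first = records[0]
    if first.startswith(b"HTTP/1.1") or first.startswith(b"HTTP/1.0"):
        return first[:8].decode()
    return None


def buffering_version_check(records):
    """Correct pattern: accumulate bytes across records until the status
    line (terminated by CRLF) is complete, then check the version."""
    buf = b""
    for rec in records:
        buf += rec
        end = buf.find(b"\r\n")
        if end != -1:
            line = buf[:end]
            if line.startswith(b"HTTP/1."):
                return line[:8].decode()
            return None        # complete line, but not an HTTP response
    return None                # status line still incomplete; keep reading


# Constructed sample response (not captured from a real pool member).
SAMPLE = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"

if __name__ == "__main__":
    recs = split_1_n_minus_1(SAMPLE)
    print("records:", recs)
    print("naive   :", naive_version_check(recs))      # None  -> stall
    print("buffered:", buffering_version_check(recs))  # HTTP/1.1
```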