Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

pcourtois's avatar
pcourtois
Icon for Cirrus rankCirrus
Feb 27, 2026

Random TCP Resets from F5

Good day all,   I am researching an intermittent and random issue where our F5 WAFs respond to customers with the following:  "An error occurred while sending the request.::Unable to read data fro...
handshake timeout
tcp reset
pcourtois's avatar
pcourtois
Icon for Cirrus rankCirrus
Mar 02, 2026

Daniel_Wolf​ and Juergen_Mang​,

Here are the logs from my dev Big-IP for the "(tmos)# show /net rst-cause".  These two views of the logs were taken 2 minutes apart.  You can see the increase in "handshake timeout."  In your experience, would increasing "handshake timeout" in our client ssl profile help?

 

-------------------------------------------------

TCP/IP Reset Cause

RST Cause: Count

-------------------------------------------------

Flow expired (sweeper) 75008

Flow expired (sweeper: pool member down) 992

HTTP header size exceeded by client 15

ICMP unreachable received 4

Incomplete chunked response 47

Malformed HTTP header error 128

No flow found for ACK 158313

No pool member available 154381

No server selected 120

RST from BIG-IP internal Linux host 14233

SSL error 12

SSL handshake timeout exceeded 11014

SSL proxy shutdown 50

TCP RST from remote system 161318

TCP bad flags 6

TCP closed 18

TCP keep-alive timeout 232

TCP retransmit timeout 13849

TCP zero window timeout 6

handshake timeout 5020190

iRule execution error 33

 

-------------------------------------------------

TCP/IP Reset Cause

RST Cause: Count

-------------------------------------------------

Flow expired (sweeper) 75013

Flow expired (sweeper: pool member down) 992

HTTP header size exceeded by client 15

ICMP unreachable received 4

Incomplete chunked response 47

Malformed HTTP header error 128

No flow found for ACK 158315

No pool member available 154404

No server selected 120

RST from BIG-IP internal Linux host 14233

SSL error 12

SSL handshake timeout exceeded 11015

SSL proxy shutdown 50

TCP RST from remote system 161318

TCP bad flags 6

TCP closed 18

TCP keep-alive timeout 232

TCP retransmit timeout 13849

TCP zero window timeout 6

handshake timeout 5020388

iRule execution error 33

 

 

I've also enabled SSL Debug logs and have multiple logs of the following that don't really provide much detail:

warning tmm1[11842]: 01260013:4: SSL Handshake failed for TCP clientIP:port -> bigip:port