Brocade ADX - SSL Sessions fail when using CSW and Reverse Proxy

Symptoms

When SSL termination and a CSW policy are both enabled, you may find that SSL sessions fail because the ADX issues a RST back to the client.
Running a URL debug via rcon shows the following:

URL: process client packet return error CSW_PARSE_ERROR_MAX_MEMORY[80] ???
        Free multiple stored packets.
        HTTP Split State: Waiting Headers!
        HTTP Split State: Incomplete message, waiting for more ...
>> Above Repeated 25 times <<
URL: process client packet return error CSW_PARSE_ERROR_MAX_MEMORY[80] ???

Issue

This can occur due to a bug in 12.3.1d where the ADX may send a RST back to the client if the client request spans more than 25 SSL records.
Typically this bug is observed in solutions where a reverse proxy is acting as the client, due to the way in which the SSL records are split.
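
To check whether a given client or reverse proxy actually splits its request across more than 25 records, the sketch below walks the TLS record headers in the reassembled client-to-ADX TCP payload and counts the application data records. It is an added example, not code from the original article or from Brocade; the function names and the sample stream are constructed for illustration, and only the 25-record figure comes from the article.

```python
import struct

# TLS record content types (first byte of every 5-byte record header).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
RECORD_LIMIT = 25  # record count the article gives for the 12.3.1d bug


def iter_records(stream: bytes):
    """Yield (content_type, length) for each complete TLS record in stream."""
    offset = 0
    while offset + 5 <= len(stream):
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES or major != 3:
            raise ValueError(f"not a TLS record header at offset {offset}")
        if offset + 5 + length > len(stream):
            break  # capture ends mid-record: stop at the last complete one
        yield ctype, length
        offset += 5 + length


def count_application_records(stream: bytes) -> int:
    """Count application data records, i.e. records carrying the HTTP request."""
    return sum(1 for ctype, _ in iter_records(stream) if ctype == 23)


def exceeds_limit(stream: bytes, limit: int = RECORD_LIMIT) -> bool:
    """True when the client sent more application data records than the limit."""
    return count_application_records(stream) > limit


def build_sample(n_app_records: int, payload_len: int = 64) -> bytes:
    """Constructed client-side stream: handshake records, then n data records."""
    def rec(ctype: int, body: bytes) -> bytes:
        return struct.pack("!BBBH", ctype, 3, 3, len(body)) + body

    stream = rec(22, b"\x00" * 120)   # stand-in for ClientHello
    stream += rec(20, b"\x01")        # ChangeCipherSpec
    stream += rec(22, b"\x00" * 40)   # stand-in for encrypted Finished
    stream += b"".join(rec(23, b"\x00" * payload_len)
                       for _ in range(n_app_records))
    return stream


if __name__ == "__main__":
    for n in (3, 25, 26):
        sample = build_sample(n)
        print(n, count_application_records(sample), exceeds_limit(sample))
```

The count is per connection, so on a keep-alive connection carrying several requests it is an upper bound for any single request rather than an exact figure.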

Solution

To resolve this issue you can either disable the CSW policy or upgrade to version 12.4.00b.

Tags: ADX

About the Author

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001