BugZero | F5 BugID 1007505 - TLS handshake times out if intermediate CA cert st...

F5 - Defect ID: 1007505

TLS handshake times out if intermediate CA cert status cannot be determined

F5 - Defect ID: 1007505

TLS handshake times out if intermediate CA cert status cannot be determined

Last updated on December 31st, 2025

BugZero Risk Score
8.4 High

Overall: 8.4

Severity: 9.1

Community: 4.2

Lifecycle: 7.0

What is the BugZero Risk Score?

F5 Integration

Learn more about where this data comes from

F5 Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Priority: 2-Critical
Status: Verified
Impact Category: Local Traffic Manager
Views: 163

Description

Symptoms

The BIG-IP system resets an HTTPS connection. SSL handshake failure logs appear in /var/log/ltm: warning tmm1[2555]: 01260013:4: SSL Handshake failed for TCP 10.0.0.l0:443 -> 10.0.0.20:60716 In the server-side packet trace, there is no Client Key Exchange message in response to the Server Hello Done message. The connection then is reset 10 seconds after the Server Hello Done message.

Impact

Clients cannot connect to the HTTPS pool members.

Conditions

-- OCSP is configured for the server SSL profile. -- The OCSP responder cannot determine the intermediate CA cert status.

Workaround

For each affected host, add the certificate of the issuer of the server certificate to the CA bundle specified in the Trusted CA field of the server SSL profile.

Fix Information

None

Change history

2025-04-28 Added: 14.1.4.2, 14.1.4.1, 14.1.4

Top F5 Defects

9.4Defect ID: 1691489
Traffic does not pass through rSereis FIPS system
9.4Defect ID: 1967005
TMM crash on R2x00/R4x00 platforms
9.4Defect ID: 970269
Install fails as lind keeps failing due to "Fatal error: block id new probe failed - device file:/dev/cdrom"
9.4Defect ID: 1429717
APM as oAuth AS intermittently returning HTTP/1.1 400 Bad Request
9.4Defect ID: 2141205
Tpm-status returns: "System Integrity: Invalid" on BIG-IP versions released since October 2025

Ready to prevent the next vendor outage?

Get a demo

F5 - Defect ID: 1007505

TLS handshake times out if intermediate CA cert status cannot be determined

F5 - Defect ID: 1007505

TLS handshake times out if intermediate CA cert status cannot be determined

Last updated on December 31st, 2025

BugZero Risk Score8.4 High

Bug Details

Symptoms

Impact

Conditions

Workaround

Fix Information

Links

Top F5 Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
8.4 High