Random Session Disconnection with RST Code 9952 / 9820 when Using AES-GCM Ciphers
Article ID: CTX224246
Updated On:
Description
- After an upgrade to NS 11.1 49.16.nc, user sessions are disconnected randomly
- A number of HTTP requests are failing intermittently, with error net::ERR_SSL_PROTOCOL_ERROR
- This error correlates to a TLSv1.2 alert message:
Alert (Level: Fatal, Description: Bad Record MAC)
- This is then followed by TCP connection reset (RST code 9952)
- A Reset code of 9820 can also be seen in some cases with or without the Fatal Alert
- Issue is not seen when GCM Ciphers are disabled.
Resolution
Issue is fixed in:
NS 11.1 Build 53.x or higher
NS 12.0 Build 34.x or higher
SSL connection problem in Cavium SSL chips caused by GCM-based ciphers
NS 11.1 Build 53.x or higher
NS 12.0 Build 34.x or higher
Problem Cause
Issue ID #659782SSL connection problem in Cavium SSL chips caused by GCM-based ciphers
Additional Information
Fix ref. #659782
Was this article helpful?
Yes
No
Powered by
