Some clients fail to connect using TCP applications to Solaris server after loading patch 144488-06
Last updated on JULY 29, 2016
Applies to:Solaris Operating System - Version 10 8/11 U10 to 11 11/11 [Release 10.0 to 11.0]
Information in this document applies to any platform.
Incoming connection are failing and not completing the TCP 3-way handshake and the TCP session is reset.
Some non-Solaris clients establising TCP connections ( such as ftp or ssh ) are incorrectly sending window size that is less than MSS size value.
These are usually older Operating systems that have problem in there TCP/IP stack.
An enhancement was made in Solaris to protect TCP against attacker using a small window.
The idea is to stop clients connecting to Solaris asking for large chunks of data but when in fact can only handle small window sizes.
This is a security check.
Problem occurs after updating to Solaris 10 kernel patch 144488-06 or above and with Solaris 11
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms