Some clients fail to connect using TCP applications to Solaris server after loading patch 144488-06 (Doc ID 1376666.1)

Last updated on JULY 29, 2016

Applies to:

Solaris Operating System - Version 10 8/11 U10 to 11 11/11 [Release 10.0 to 11.0]
Information in this document applies to any platform.

Symptoms


Incoming connection are failing and not completing the TCP 3-way handshake and the TCP session is reset.
Some non-Solaris clients establising TCP connections ( such as ftp or ssh )  are incorrectly sending window size that is less than MSS size value.
These are usually older Operating systems that have problem in there TCP/IP stack.
An enhancement was made in Solaris to protect TCP against attacker using a small window.
The idea is to stop clients connecting to Solaris asking for large chunks of data but when in fact can only handle small window sizes.
This is a security check.

Changes

Problem occurs after updating to Solaris 10 kernel patch  144488-06 or above and with Solaris 11

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms