Users are unable to load sites that return a large Server Hello when the traffic passes through an SSLV running either 4.5.15.2 or 5.5.1.1 and below. The issue occurs in setups where the SSLV has a cut-through rule configured for the site.
When the Server Hello is larger than will fit in a single frame, it is fragmented. Protection Against Wrapped Sequence Numbers (PAWS) may occasionally drop frames of the TLS handshake, causing this issue.
TCP timestamps, defined in RFC 1323, are a 12-byte extension to the TCP header used for Round-Trip Time Measurement (RTTM); they are updated whenever large frames are exchanged. TCP timestamps are also used to invoke Protection Against Wrapped Sequence Numbers (PAWS). PAWS prevents data corruption on high-speed networks by rejecting old, duplicated segments that arrive after sequence numbers have wrapped around, ensuring accurate packet ordering.
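The PAWS test described above can be traced by hand with the following added example, which is not part of the original article and is not SSLV code. It parses the Timestamps option from raw TCP option bytes and applies the RFC 1323 rule (reject when SEG.TSval is older than TS.Recent); the function names, the sample segments and the assumption that the receiver ACKs each in-order segment immediately are all constructed for illustration.

```python
import struct

def parse_tsopt(options: bytes):
    """Return (TSval, TSecr) from raw TCP option bytes, or None if absent."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(options):
            break                          # truncated option
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            break                          # malformed length
        if kind == 8 and length == 10:     # Timestamps option
            return struct.unpack("!II", options[i + 2:i + 10])
        i += length
    return None

def ts_older(a: int, b: int) -> bool:
    """True if 32-bit timestamp a is older than b (modular comparison)."""
    return ((a - b) & 0xFFFFFFFF) > 0x7FFFFFFF

def paws_verdicts(segments, ts_recent: int, last_ack_sent: int):
    """Apply the PAWS test to (seq, length, options); ignores sequence wrap."""
    verdicts = []
    for seq, length, options in segments:
        ts = parse_tsopt(options)
        if ts is not None and ts_older(ts[0], ts_recent):
            verdicts.append((seq, "drop-paws"))   # SEG.TSval < TS.Recent
            continue
        if ts is not None and seq <= last_ack_sent:
            ts_recent = ts[0]                     # update TS.Recent
        if seq == last_ack_sent:
            last_ack_sent = seq + length          # assumed: immediate ACK
        verdicts.append((seq, "accept"))
    return verdicts

def tsopt(tsval: int, tsecr: int) -> bytes:
    """Build NOP, NOP, Timestamps: the 12 bytes added to the TCP header."""
    return struct.pack("!BBBBII", 1, 1, 8, 10, tsval, tsecr)

# Constructed sample: a Server Hello fragmented across three segments.
SERVER_HELLO = [
    (5000, 1448, tsopt(1001, 77)),
    (6448, 1448, tsopt(990, 77)),    # TSval older than TS.Recent
    (7896, 600, tsopt(1002, 77)),
]
```

Calling `paws_verdicts(SERVER_HELLO, ts_recent=1000, last_ack_sent=5000)` shows the middle fragment rejected while its neighbours are accepted, which leaves the handshake record incomplete until that segment is retransmitted with an acceptable timestamp.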
Please review KB 427513 to determine if TCP timestamps are causing PAWS errors on the SSLV.
Versions 4.5.15.2 and 5.5.1.1 address this issue.
Workaround:
If SSLV is deployed with a proxy segment, performing SSL interception on Edge SWG works around this issue.