Last Modified: May 29, 2024
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2
Fixed In:
17.0.0, 16.1.2.1, 15.1.5
Opened: Jul 12, 2021
Severity: 3-Major
When you configure Dynamic CRL and set the client authentication as "Request", the handshake fails when clients do not supply a certificate.
SSL handshake fails
Client SSL profile configured with the following:
1. Dynamic CRL
2. Client Authentication enabled with the "Request" option
Workaround 1: Use Static CRL.
Workaround 2: Use Client Authentication with either "Require" or "Ignore".
Workaround 3: Disable TLS 1.2 and earlier versions in the Client SSL profile, so that only TLS 1.3 traffic is allowed.
N/A