Bug ID 1032949: Dynamic CRL configured with client authentication profile as "Request" causes connection termination without certificate.

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
15.1.3, 15.1.4, 16.0.0, 16.0.1, 16.1.0, 16.1.1, 16.1.2

Fixed In:
17.0.0, 15.1.5

Opened: Jul 12, 2021

Severity: 3-Major


When you configure Dynamic CRL and set client authentication to "Request", the handshake fails when clients do not supply a certificate.


SSL handshake fails


Clientssl profile configured with the following:
1. Dynamic CRL
2. Client Authentication enabled with "Request" option


Workaround 1: Use Static CRL.
Workaround 2: Use Client Authentication with either "Require" or "Ignore".
Workaround 3: Disable TLS 1.2 and earlier versions in the Client SSL profile, so that only TLS 1.3 traffic is allowed.

Fix Information


Behavior Change
