Last Modified: Aug 15, 2023
BIG-IP LTM, SSLO
Known Affected Versions:
17.0.0, 220.127.116.11, 18.104.22.168, 22.214.171.124, 15.1.5
17.1.0, 126.96.36.199, 188.8.131.52
Opened: Mar 16, 2022 Severity: 2-Critical
When an SSL client connects to BIG-IP system and sends an empty certificate, the CLIENTSSL_CLIENTCERT is not triggered for iRules.
CLIENTSSL_CLIENTCERT irules aren't triggered.
- Virtual server configured on BIG-IP with a clientssl profile - Client authentication on the virtual server is set to "request" - iRule relying on CLIENTSSL_CLIENTCERT - A client connects to BIG-IP using an empty certificate
CLIENTSSL_CLIENTCERT irules are now triggered when receiving empty certificates.