Bug ID 1088173: With TLS 1.3, client Certificate is stored after HANDSHAKE even if retain-certificate parameter is disabled in SSL profile

Last Modified: Sep 29, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2

Fixed In:
15.1.7

Opened: Mar 19, 2022
Severity: 3-Major

Symptoms

Log files indicate that the client certificate is retained when it should not be.

Impact

Storage of client certificates will increase memory utilization.

Conditions

Enable TLS 1.3 and disable retain-certificate parameter in SSL profile

Workaround

None

Fix Information

None

Behavior Change