Bug ID 1088173: With TLS 1.3, client Certificate is stored after HANDSHAKE even if retain-certificate parameter is disabled in SSL profile

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5

Fixed In:
17.1.0, 16.1.4, 15.1.7

Opened: Mar 19, 2022

Severity: 3-Major

Symptoms

Log files indicate that the client certificate is retained when it should not be.

Impact

Storage of client certificates will increase memory utilization.

Conditions

Enable TLS 1.3 and disable retain-certificate parameter in SSL profile

Workaround

None

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips