Last Modified: Mar 21, 2019
See more info
Known Affected Versions:
11.4.1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 11.6.4
11.5.0, 11.4.1 HF3
Opened: Nov 19, 2013
When an empty client certificate is received, sometimes client does not send any certificate verify message, so the BIG-IP system waits for certificate verify message until timeout.
The system waits for certificate verify message until timeout.
When an empty client certificate message is sent by client and client does not send certificate verify message.
Now, when an empty client certificate is received, the system clientssl ignores Certificate Verify message. Also, when an empty Certificate Verify message is received, but the Client Certificate is valid, the system sends an Alert with decode error. This is correct behavior.