Bug ID 456853: DTLS cannot handle client certificate when client does not send CertVerify message.

Last Modified: May 14, 2019

Affected Product:
BIG-IP LTM (all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1

Fixed In:
11.6.0, 11.5.3

Opened: Apr 11, 2014
Severity: 2-Critical

Symptoms

For DTLS, the ChangeCipherSpec (CCS) record is held until all other handshake messages besides Finished have been handled. When pcm (peer certificate mode) is set to request, the client may not send a CertificateVerify (CertVfy) message. In that case the BIG-IP system keeps waiting for CertVfy until the timeout.

Impact

The BIG-IP system waits for CertVfy until the timeout.

Conditions

-- Reordered DTLS handshake.
-- Client does not send CertVerify message.
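
The following is an added illustration of the condition above, not BIG-IP code and not a description of the actual fix. It is a simplified model of a server that holds a reordered CCS. It compares always expecting CertificateVerify with expecting it only after a non-empty client Certificate (RFC 5246 section 7.4.8). All names and sample flights are constructed, and a presented certificate is assumed to have signing capability.

```python
from enum import Enum

class Msg(Enum):
    CERTIFICATE = "Certificate"
    CLIENT_KEY_EXCHANGE = "ClientKeyExchange"
    CERTIFICATE_VERIFY = "CertificateVerify"
    CCS = "ChangeCipherSpec"
    FINISHED = "Finished"

def required_before_ccs(cert_chain_len, always_expect_verify):
    """Messages the server must handle before applying a held CCS.
    Model assumption: the server requested a client certificate."""
    need = [Msg.CERTIFICATE, Msg.CLIENT_KEY_EXCHANGE]
    # RFC 5246 7.4.8: CertificateVerify only follows a client certificate
    # with signing capability; an empty Certificate message has none.
    if always_expect_verify or cert_chain_len > 0:
        need.append(Msg.CERTIFICATE_VERIFY)
    return need

def process_flight(arrival, cert_chain_len, always_expect_verify):
    """Return ("established", []) or ("timeout", [missing message names])."""
    handled, ccs_held = set(), False
    for msg in arrival:
        if msg is Msg.CCS:
            ccs_held = True        # hold CCS: earlier messages may still arrive
        elif msg is not Msg.FINISHED:
            handled.add(msg)       # Finished is only readable once CCS applies
    need = required_before_ccs(cert_chain_len, always_expect_verify)
    missing = [m.value for m in need if m not in handled]
    if not ccs_held:
        missing.append(Msg.CCS.value)
    return ("established", []) if not missing else ("timeout", missing)

# Constructed sample flight: CCS arrives first, client sends no CertificateVerify.
REORDERED = [Msg.CCS, Msg.CERTIFICATE, Msg.CLIENT_KEY_EXCHANGE, Msg.FINISHED]

if __name__ == "__main__":
    # Empty Certificate, server always expects CertVfy: stalls until timeout.
    print(process_flight(REORDERED, 0, always_expect_verify=True))
    # Empty Certificate, RFC-aware expectation: handshake completes.
    print(process_flight(REORDERED, 0, always_expect_verify=False))
    # Certificate presented but no CertVfy: must still not complete.
    print(process_flight(REORDERED, 1, always_expect_verify=False))
```

The third case is the check to keep when relaxing the wait: a client that presents a certificate but omits CertificateVerify has not proven possession of the private key, so the handshake must not be allowed to finish.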

Workaround

None.

Fix Information

This issue no longer occurs.

Behavior Change