Bug ID 456853: DTLS cannot handle client certificate when client does not send CertVerify message.

Last Modified: Oct 06, 2020

Affected Product:
BIG-IP LTM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1

Fixed In:
11.6.0, 11.5.3

Opened: Apr 11, 2014
Severity: 2-Critical


For DTLS, the ChangeCipherSpec (CCS) record is held until all other handshake messages besides Finished have been handled. When peer certificate mode (pcm) is set to request, the client may not send a CertificateVerify (CertVfy) message. The BIG-IP system then waits for CertVfy until the timeout.


The BIG-IP system waits for the CertVfy message until the timeout.


-- Reordered DTLS handshake.
-- Client does not send CertVerify message.
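
A simplified model of the held-CCS behaviour described above, added here as an illustration and not F5 code. It assumes the client answers the certificate request with an empty Certificate list, the case in which RFC 5246 has no CertificateVerify to send; the function names, the `always_expect_verify` switch and the record tuples are hypothetical.

```python
# Simplified model, constructed for illustration: which handshake messages a
# DTLS 1.2 server must handle before it processes a held ChangeCipherSpec.
# Handshake type numbers are from RFC 5246 section 7.4.
CERTIFICATE, CERTIFICATE_VERIFY, CLIENT_KEY_EXCHANGE = 11, 15, 16


def expected_before_ccs(cert_requested, received, always_expect_verify=False):
    """Return the handshake types that must arrive before CCS is processed."""
    expected = {CLIENT_KEY_EXCHANGE}
    if cert_requested:
        expected.add(CERTIFICATE)
        # CertificateVerify follows only a non-empty client Certificate.
        # always_expect_verify=True models a server that waits for it anyway.
        if always_expect_verify or received.get(CERTIFICATE):
            expected.add(CERTIFICATE_VERIFY)
    return expected


def process_flight(records, cert_requested, always_expect_verify=False):
    """Feed records in arrival order and report what happens to the CCS."""
    received, ccs_held = {}, False
    for record in records:
        if record[0] == "ccs":
            ccs_held = True          # hold CCS; earlier messages may be late
        else:
            _, msg_type, body = record
            received[msg_type] = body
        needed = expected_before_ccs(cert_requested, received, always_expect_verify)
        if ccs_held and needed.issubset(received):
            return "ccs_processed"
    return "waiting_until_timeout"


# Constructed sample flights (not captured traffic); CCS arrives first in both.
EMPTY_CERT_FLIGHT = [
    ("ccs",),
    ("hs", CLIENT_KEY_EXCHANGE, b"kx"),
    ("hs", CERTIFICATE, []),             # client has no certificate to offer
]
FULL_CERT_FLIGHT = [
    ("ccs",),
    ("hs", CERTIFICATE_VERIFY, b"sig"),
    ("hs", CERTIFICATE, [b"cert-der"]),
    ("hs", CLIENT_KEY_EXCHANGE, b"kx"),
]

if __name__ == "__main__":
    print(process_flight(EMPTY_CERT_FLIGHT, True, always_expect_verify=True))
    print(process_flight(EMPTY_CERT_FLIGHT, True))
    print(process_flight(FULL_CERT_FLIGHT, True))
```

The model ignores DTLS message_seq numbering and retransmission; it only shows how the set of messages awaited before CCS depends on whether the client Certificate was empty.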



Fix Information

This issue no longer occurs.

Behavior Change