Bug ID 456853

Bug Tracker
ID 456853

Bug ID 456853: DTLS cannot handle client certificate when client does not send CertVerify message.

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1

Fixed In:
11.6.0, 11.5.3

Opened: Apr 11, 2014

Severity: 2-Critical

Symptoms

For DTLS, CCS record will be held until all other handshake messages besides Finish are handled. When pcm is set to request, client may not send CertVfy message. BIG-IP system waits for CertVfy until the timeout.

Impact

BIG-IP waits for CertVfy until timeout.

Conditions

-- Reordered DTLS handshake. -- Client does not send CertVerify message

Workaround

None.

Fix Information

This issue no longer occurs.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips