Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.4.1, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.0.0, 11.6.0 HF6
Opened: Dec 10, 2014 Severity: 3-Major Related Article:
K16610
SSL is stuck at signature check for server side certificates and hence can't complete the SSL handshake.
SSL handshake fails. The handshake hangs until the timeout.
The issue can be seen when it meets the following conditions: 1. The backend server is Microsoft IIS or Netty. 2. serverSSL profile requires server side certificate authentication.
To work around this issue, you can configure the back-end Netty based SSL servers to use a Certificate Authority (CA) signed certificate. Otherwise, do not use use 'peer-cert-mode require'.
SSL verification error no longer occurs when using server side certificate.