Bug ID 500945: Firefox 35 or later cannot connect to BIG-IP virtual server with clientssl profile in TLS1.2

Last Modified: Oct 01, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.2.1, 11.4.1

Fixed In:
11.4.1 HF9

Opened: Jan 14, 2015
Severity: 2-Critical

Symptoms

Firefox 35 fails to negotiate security protocol during SSL handshake with BIG-IP's virtual server in case of client SSL profile contains Client Certificate Authentication (request/require). Issue is reproducible only with new Firefox 35 beta (35.0) or later when using TLS1.2.

Impact

Cannot connect to the BIG-IP virtual server using the Firefox version 35 or later.

Conditions

This occurs when using Firefox version 35 or later to connect to virtual server using TLS1.2.

Workaround

Any of the below 2 methods will work. 1. Use a different browser. Or 2. Disable TLS1.2 (configure No TLSv1.2 in the Options List of the ClientSSL profile).

Fix Information

None

Behavior Change