Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3
Fixed In:
13.1.0, 13.0.1, 12.1.3, 11.6.2
Opened: Mar 25, 2016 Severity: 3-Major Related Article:
K11736022
Browser shows a "corrupted connect error" when access policy runs On-Demand Cert Auth on an IPv6 virtual server. The root cause is that in packet capture, the APM sends an HTTP 302 with invalid brackets around the hostname, like this: Location: https://[login.example.com]/my.policy Brackets around IPv6 addresses are for raw IPv6 addresses. They are illegal for DNS names that represent an IPv6 address.
Client is unable to authenticate.
IPv6 virtual server, and On-Demand Cert Auth in the access policy. Only applies if a DNS hostname is used. Raw IPv6 addresses are not affected.
None.
Clients connecting to an APM access policy with on-demand certificate authentication to an IPv6 virtual server now transmit the client certificate correctly when executing the access policy.