Bug ID 583272: "Corrupted Connect Error" when using IPv6 and On-Demand Cert Auth

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP APM (all modules)

Known Affected Versions:
11.6.0, 11.6.1, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3

Fixed In:
13.1.0, 13.0.1, 12.1.3, 11.6.2

Opened: Mar 25, 2016

Severity: 3-Major

Related Article: K11736022


Browser shows a "corrupted connect error" when the access policy runs On-Demand Cert Auth on an IPv6 virtual server. The root cause, visible in a packet capture, is that the APM sends an HTTP 302 with invalid brackets around the hostname, like this:

Location: https://[login.example.com]/my.policy

Brackets are valid only around raw IPv6 addresses. They are illegal around DNS names that represent an IPv6 address.


Client is unable to authenticate.


Occurs with an IPv6 virtual server and On-Demand Cert Auth in the access policy. This applies only if a DNS hostname is used. Raw IPv6 addresses are not affected.
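
A check for the malformed redirect described above, written as an added example and not F5 code: it flags Location headers whose bracketed host is not an IPv6 literal. The function names and the sample header lines are constructed for illustration; only the first sample URL comes from this page.

```python
import ipaddress
import re

# scheme://authority, where authority = [userinfo@]host[:port] (RFC 3986, section 3.2)
_AUTHORITY = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://([^/?#]*)")


def bracket_verdict(url):
    """Classify the host part of an absolute URL by its use of brackets."""
    match = _AUTHORITY.match(url.strip())
    if not match:
        return "no-authority"
    host_port = match.group(1).rpartition("@")[2]  # drop any userinfo
    if not host_port.startswith("["):
        return "unbracketed"
    inner, closing, rest = host_port[1:].partition("]")
    if not closing or (rest and not re.fullmatch(r":\d*", rest)):
        return "malformed-brackets"
    try:
        ipaddress.IPv6Address(inner)
    except ValueError:
        # Brackets wrapped around something that is not an IPv6 literal,
        # e.g. a DNS name: the redirect this bug produces.
        return "bracketed-non-ipv6"
    return "bracketed-ipv6-literal"


def bad_redirects(header_lines):
    """Return Location URLs whose host is bracketed but not an IPv6 literal."""
    bad = []
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            if bracket_verdict(value) == "bracketed-non-ipv6":
                bad.append(value.strip())
    return bad


# Constructed sample headers; the first URL is the one quoted in the bug text.
SAMPLE = [
    "HTTP/1.1 302 Found",
    "Location: https://[login.example.com]/my.policy",
    "Location: https://[2001:db8::10]:443/my.policy",
    "Location: https://login.example.com/my.policy",
]

if __name__ == "__main__":
    for url in bad_redirects(SAMPLE):
        print("invalid bracketed hostname in redirect:", url)
```

Run over response headers extracted from a packet capture, this separates the affected DNS-hostname case from the unaffected raw IPv6 address case.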



Fix Information

Clients connecting to an APM access policy with on-demand certificate authentication to an IPv6 virtual server now transmit the client certificate correctly when executing the access policy.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips