Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
13.1.0
Opened: Aug 11, 2016 Severity: 3-Major
LTM does not support SSLI Client Certificate Constrained Delegation Support (C3D).
No C3D support.
Using LTM.
None.
ProxySSL allows a client and server to perform mutual authentication. It supports RSA key exchange only and will not work with PFS. The C3D support allows servers that require authentication of the client certificate to work. Basically, C3D performs client authentication on the client side and then forges a client certificate on the server side if server requests a client certificate. C3D is disabled by default. Enabling C3D has a performance impact.