Bug ID 693563: No warning when LDAP is configured with SSL but with a client certificate with no matching key

Last Modified: May 01, 2019

Affected Product:
BIG-IP Install/Upgrade, LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4

Opened: Nov 08, 2017
Severity: 2-Critical
Related AskF5 Article:
K22942093

Symptoms

When LDAP auth is configured with SSL:
- Authentication attempts fail.
- Packet captures between the BIG-IP system and the LDAP server show the BIG-IP system sending FIN after TCP handshake.

Impact

LDAP auth fails. There is no warning that the auth failed.

Conditions

LDAP auth is configured with SSL with client cert set but no matching key.

Workaround

Configure a key that matches the specified client certificate.
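
Because no warning is raised in this condition, the certificate and key can be checked as a pair before they are configured. The following is an added example, not F5 code: it compares the public key in a PEM certificate with the one derived from a PEM private key using the openssl command line. The function name, return codes and file arguments are assumptions of this example.

```bash
#!/bin/bash
# Added example (not F5 code): check that a PEM client certificate and a PEM
# private key are a pair before using them for LDAP over SSL.
# Function name and return codes are this example's own:
#   0 = key matches certificate, 1 = mismatch, 2 = file could not be read/parsed

check_cert_key_pair() {
    local cert=$1 key=$2 cert_pub key_pub

    [ -r "$cert" ] || { echo "cannot read certificate: $cert" >&2; return 2; }
    [ -r "$key" ]  || { echo "cannot read private key: $key" >&2; return 2; }

    # Public key embedded in the certificate (SubjectPublicKeyInfo, PEM).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "not a PEM X.509 certificate: $cert" >&2
        return 2
    }

    # Public key derived from the private key. The empty -passin makes a
    # passphrase-protected key fail here instead of prompting on the terminal.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || {
        echo "cannot load private key (bad format or encrypted): $key" >&2
        return 2
    }

    # Comparing whole public keys works for RSA and EC keys alike,
    # unlike an RSA-only modulus comparison.
    if [ "$cert_pub" = "$key_pub" ]; then
        echo "OK: $key matches $cert"
        return 0
    fi
    echo "MISMATCH: $key is not the private key for $cert" >&2
    return 1
}

# Run the check when called as: script <cert.pem> <key.pem>
if [ "$#" -eq 2 ]; then
    check_cert_key_pair "$1" "$2"
fi
```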

Fix Information

None

Behavior Change