Bug ID 750204: Add support for P-521 curve in the X.509 chain to SSL LTM

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Fixed In:
15.0.0

Opened: Nov 16, 2018

Severity: 3-Major

Symptoms

SSL is unable to verify certificate signed with EC P-521 key.

Impact

Client/server authentication (X.509 signature verification) will failed when using certificate signed with EC P-521 key.

Conditions

N/A

Workaround

Client/server has to use certificate signed with supported EC curve (P-256/P-384).

Fix Information

Add P-521 curve support in X.509 chain verification.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips