Bug ID 750204: Add support for P-521 curve in the X.509 chain to SSL LTM

Last Modified: Sep 26, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5

Fixed In:
15.0.0

Opened: Nov 16, 2018
Severity: 3-Major

Symptoms

SSL is unable to verify certificate signed with EC P-521 key.

Impact

Client/server authentication (X.509 signature verification) will failed when using certificate signed with EC P-521 key.

Conditions

N/A

Workaround

Client/server has to use certificate signed with supported EC curve (P-256/P-384).

Fix Information

Add P-521 curve support in X.509 chain verification.

Behavior Change