Bug ID 878641: "TLS1.3 certificate request message does not contain CAs" not fixed?
BigIP Version: 16.1.3.3
Hello community,
when trying to configure Client-Certificate-Authentication in a clientssl-profile with "Advertised Certificate Authorities" we found that with TLS1.3 the list is empty:
openssl s_client
=> No client certificate CA names sent
when using TLS1.2 it works:
=> Acceptable client certificate CA names
<list of CAs>
This looks exactly like https://cdn.f5.com/product/bugtracker/ID878641.html which lists just 15.x as affected and as fixed. Our box uses 16.1.3.3.
Could someone explain what that means? Versions 16.x are not known to be affected or "should" be fixed in 16.x as well? The KB https://my.f5.com/manage/s/article/K07245790 lists all versions as affected, however.
Can someone confirm the bug in versions 16.x?
Thanks!
Finally, i can answer to myself:
The updated version of the Bug shows, that F5 didn't provide the right info:
https://cdn.f5.com/product/bugtracker/ID878641.html
Affected versions still without the 16.x tree, but "Fixed in" 16.1.4.
And i can confirm the bug is fixed in our 16.1.4.