Forum Discussion
Client cert auth and TLS1.3
Good day.
I have an SSL site with Client Cert Auth enabled (Client certificate request, frequency once).
I'm trying to get access to this site with a PKI card via Mozilla and Chrome.
When I enable TLS1.3 (option "no TLSv1.3" in client ssl-profile is disabled), I receive only a certificate request, but don't get a PIN prompt and then have an ERR_SSL_CLIENT_AUTH_NO_COMMON_ALGORITHMS error.
: Connection error: ssl_hs_rx_tls13_cert:3672: alert(46) no certificate
When I disable TLS1.3 (option no TLSv1.3 is enabled), I receive a certificate request, then enter the PIN, and after that I have access to the web site via TLS1.2.
What should I do to have TLS1.3 access to this site?
Thank you.
5 Replies
- Lidev
Nacreous
Hi,
What does /var/log/ltm say when the connection error appears?
Regards
- Vladimir_Shishk
Altocumulus
Jul 7 14:59:40 host1 warning tmm[20902]: 01260009:4: client1%1:1029 -> server1%1:443: Connection error: ssl_codec_rx:2314: alert(46) received alert
Jul 7 14:59:40 host1 warning tmm[20902]: 01260013:4: SSL Handshake failed for TCP client1%1:1029 -> server1%1:443
Jul 7 14:59:43 host1 warning tmm3[20902]: 01260009:4: client1%1:32621 -> server1%1:443: Connection error: ssl_codec_rx:2314: alert(46) received alert
Jul 7 14:59:43 host1 warning tmm3[20902]: 01260013:4: SSL Handshake failed for TCP client1%1:32621 -> server1%1:443
Jul 7 14:59:44 host1 warning tmm[20902]: 01260013:4: SSL Handshake failed for TCP client1%1:8457 -> server1%1:443
Jul 7 14:59:46 host1 warning tmm2[20902]: 01260009:4: client1%1:4606 -> server1%1:443: Connection error: ssl_codec_rx:2314: alert(40) received alert
Jul 7 14:59:46 host1 warning tmm2[20902]: 01260013:4: SSL Handshake failed for TCP client1%1:4606 -> server1%1:443
Jul 7 15:00:21 host1 warning tmm1[20902]: 01260009:4: client1%1:33624 -> server1%1:443: Connection error: ssl_codec_rx:2314: alert(42) received alert
Jul 7 15:00:21 host1 warning tmm1[20902]: 01260013:4: SSL Handshake failed for TCP client1%1:33624 -> server1%1:443
Jul 7 15:00:28 host1 warning tmm[20902]: 01260009:4: client1%1:1036 -> server1%1:443: Connection error: ssl_codec_rx:2314: alert(80) received alert
Jul 7 15:00:28 host1 warning tmm[20902]: 01260013:4: SSL Handshake failed for TCP client1%1:1036 -> server1%1:443
- Lidev
Nacreous
OK, you are facing SSL Handshake failed.
Take a look at this topic: https://devcentral.f5.com/s/question/0D51T00006j29t9/ssl-handshake-failed-for-tcp
It covers all you need to debug this kind of error (disable Generic Alert on ClientSSL profile, set 'Cache Size' to 0, decrypt TLS Handshake with tcpdump/SSLdump).
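For triaging tmm lines like the ones posted earlier in this thread, the following is an added example (not code from any poster or from F5) that decodes the numeric alert codes using the alert names in RFC 8446 and lists handshake failures that have no alert line at all. The regular expressions assume the 01260009 / 01260013 line layout shown in the thread; the function and variable names are hypothetical.

```python
import re
from collections import Counter

# Alert descriptions from RFC 8446 section 6 (subset relevant to certificate auth).
TLS_ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 80: "internal_error", 116: "certificate_required",
}

# Patterns written against the 01260009 / 01260013 lines as they appear in the thread
# (assumption: other BIG-IP versions may format these messages differently).
ALERT_RE = re.compile(r"01260009:\d+: (?P<client>\S+) -> \S+: Connection error: "
                      r"(?P<func>\w+):\d+: alert\((?P<code>\d+)\)")
FAIL_RE = re.compile(r"01260013:\d+: SSL Handshake failed for TCP (?P<client>\S+) -> ")

def triage(lines):
    """Return (alert-name counts, clients whose handshake failed with no alert logged)."""
    alerted, failed = {}, []
    for line in lines:
        m = ALERT_RE.search(line)
        if m:
            code = int(m["code"])
            # Key by client endpoint (address:port) so each connection is counted once.
            alerted[m["client"]] = TLS_ALERTS.get(code, f"other({code})")
            continue
        m = FAIL_RE.search(line)
        if m:
            failed.append(m["client"])
    counts = Counter(alerted.values())
    silent = [c for c in failed if c not in alerted]
    return counts, silent

# Five lines copied from the log excerpt posted in the thread.
SAMPLE = [
    "Jul 7 14:59:40 host1 warning tmm[20902]: 01260009:4: client1%1:1029 -> server1%1:443: Connection error: ssl_codec_rx:2314: alert(46) received alert",
    "Jul 7 14:59:40 host1 warning tmm[20902]: 01260013:4: SSL Handshake failed for TCP client1%1:1029 -> server1%1:443",
    "Jul 7 14:59:44 host1 warning tmm[20902]: 01260013:4: SSL Handshake failed for TCP client1%1:8457 -> server1%1:443",
    "Jul 7 14:59:46 host1 warning tmm2[20902]: 01260009:4: client1%1:4606 -> server1%1:443: Connection error: ssl_codec_rx:2314: alert(40) received alert",
    "Jul 7 14:59:46 host1 warning tmm2[20902]: 01260013:4: SSL Handshake failed for TCP client1%1:4606 -> server1%1:443",
]

if __name__ == "__main__":
    counts, silent = triage(SAMPLE)
    for name, n in counts.most_common():
        print(f"{n:3d}  {name}")
    print("handshake failed with no alert line:", silent)
```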
- RicFer
Nimbostratus
Hi, have you found a solution to this issue?
We are having similar issues with client authentication working with TLS1.2 but partially with TLS1.3.
Based on the ltm logs we see:
Connection error: ssl_shim_vfycerterr:4202: alert(46) application verification failure.
Connection error: ssl_hs_rx_tls13_cert:3726: alert(46) no certificate.
Any help / hint would be appreciated.
Hi. I am experiencing the same problem.
How can I solve this problem?
And why is this log displayed after enabling TLSv1.3?
Thank you