Forum Discussion

Nimbostratus

Mar 01, 2018

Client SSL authentication error - hs msg overflow

I'm trying to set up 2-way SSL with a SSL bridging scenario using LTM 12.1.2. As of right now the "server" side of this is working, with the F5 sending a cert to the server and requiring an auth cer...

Nimbostratus

Mar 09, 2018

For anyone having a similar issue, it turns out the problem was using the default ca-bundle on the F5 for the "Advertised Certificate Authorities" portion of client auth. It appears that some servers require that this field NOT be NULL, but sending the default ca-bundle was too large for the SSL handshake. I created a new CA bundle using only the public cert of our internal CA and it worked.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Client SSL authentication error - hs msg overflow

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

SSL Profiles Part 8: Client Authentication

Configuring APM Client Side NTLM Authentication

BIG-IQ Client Certificate (PKI) Authentication

Selective Client Cert Authentication

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS