Forum Discussion

Nimbostratus

Mar 01, 2018

Client SSL authentication error - hs msg overflow

I'm trying to set up 2-way SSL with a SSL bridging scenario using LTM 12.1.2. As of right now the "server" side of this is working, with the F5 sending a cert to the server and requiring an auth cer...

Nimbostratus

Mar 09, 2018

For anyone having a similar issue, it turns out the problem was using the default ca-bundle on the F5 for the "Advertised Certificate Authorities" portion of client auth. It appears that some servers require that this field NOT be NULL, but sending the default ca-bundle was too large for the SSL handshake. I created a new CA bundle using only the public cert of our internal CA and it worked.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Client SSL authentication error - hs msg overflow

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Priority Group Activation is not working

Changes to DO and AS3 GitHub - no longer monitored

SSL Forward Proxy, iRules and Client Hello

monitor/healthcheck issue with envoy gateway

Recommendation for Adv. Lab

Related Content

SSL Profiles Part 8: Client Authentication

Configuring APM Client Side NTLM Authentication

BIG-IQ Client Certificate (PKI) Authentication

Selective Client Cert Authentication

Client SSL Authentication on BIG-IP as in-depth as it can go

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS