Forum Discussion

Nimbostratus

Mar 01, 2018

Client SSL authentication error - hs msg overflow

I'm trying to set up 2-way SSL with a SSL bridging scenario using LTM 12.1.2. As of right now the "server" side of this is working, with the F5 sending a cert to the server and requiring an auth cer...

Nimbostratus

Mar 09, 2018

For anyone having a similar issue, it turns out the problem was using the default ca-bundle on the F5 for the "Advertised Certificate Authorities" portion of client auth. It appears that some servers require that this field NOT be NULL, but sending the default ca-bundle was too large for the SSL handshake. I created a new CA bundle using only the public cert of our internal CA and it worked.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Client SSL authentication error - hs msg overflow

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

In F5 APM, how to include multiple DNS suffix?

Issue while migrating config from 4000s to r4600

Username is not filled in EdgeClient in the Modern customization

Cert Bundle Manager

Question regarding F5 Viprion Configuration Migration to VE.

Related Content

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

BIG-IQ Client Certificate (PKI) Authentication

Selective Client Cert Authentication

Doing mTLS Authentication per URL

IIS 6.0 WebDAV Buffer Overflow

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS