Mutual TLS: accepting sha256 / rsa client certs

Question

We have an F5 setup to use mutual TLS (requesting the client's cert) for some SSL/TLS sites.&nbsp;
The client only has a SHA256 cert. The client can do Mutual TLS with an Apache server but not with the F5 server.&nbsp;
We've traced the problem to the TLS Handshake CERTIFICATE_REQUEST sent by the F5 to the client. It differs from the one sent by the Apache server. &nbsp;
The F5 CERTIFICATE_REQUEST only specs (accepts) one pair of HashAlgorithm / SignatureAlgorithm: 02 01 - sha1 / rsa&nbsp;
==&gt;&gt; How can we set the F5 so it will also accept sha256/rsa client certs?&nbsp;
(I'm an F5 newbie, thanks in advance for providing details.)&nbsp;

leonardo_souza · Answer

You can change the allowed ciphers in the clientssl profile.&nbsp;
This is the solution for v12:&nbsp;
https://support.f5.com/csp/article/K17370&nbsp;
This solutions have multiple links you may use about SSL:&nbsp;
https://support.f5.com/csp/article/K8802&nbsp;

Forum Discussion

Mutual TLS: accepting sha256 / rsa client certs

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Any way to cache HEAD request

can you help with getting a BigIP virtual edition serial key

VIP in https that redirect to another vip in https

In Using the AST tool am I pointing it to TENANTS or to the F5OS(hardware) I have?

2026 is Almost Here

Related Content

What is Mutual TLS (mTLS)?

Mutual authetication from imperva to F5

Verifying Slack Requests with Mutual TLS

use irule to sign data using sha256

Geolocation accept per url path

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS