For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Bernardo_Riveir's avatar
Bernardo_Riveir
Icon for Nimbostratus rankNimbostratus
Feb 12, 2014

SSL client profile, with client certificate auth, stopped working this week with Firefox 27.0 update

is anyone else suffering this very problem? all our Firefox users cannot log in to our website using their client certificates since 27.0 version, although they could with 26.0; (but this same versi...
application delivery
availability
devops
iRules
management
security
Bernardo_Riveir's avatar
Bernardo_Riveir
Icon for Nimbostratus rankNimbostratus
Feb 13, 2014

Workarounds!

 

it has to do with the new TSL 1.2 support in FireFox 27.0.

 

  • in the client, about:config allows you to change security.tls.version.max to something less than the default "3"; of course, this deactivates TLS 1.2 negotiation with every other web, so it is NOT ok (and forces you to ask the user to change things)

     

  • in the server, modifying the client SSL profile, adding (in advanced configuration) the "No TLSv1" option; that also is NOT OK, as SSL is insecure, old, blah blah... :)

     

is there any known bug with client certificate negotiation and TLS 1.2 support in F5 BIG-IP LTM?