For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Bernardo_Riveir's avatar
Bernardo_Riveir
Icon for Nimbostratus rankNimbostratus
Feb 12, 2014

SSL client profile, with client certificate auth, stopped working this week with Firefox 27.0 update

is anyone else suffering this very problem? all our Firefox users cannot log in to our website using their client certificates since 27.0 version, although they could with 26.0; (but this same versi...
application delivery
availability
devops
iRules
management
security
n0vac_65442's avatar
n0vac_65442
Icon for Nimbostratus rankNimbostratus
Jul 20, 2014

We fixed the problem by upgrading to 11.5.0 at the time. Support gave me following explanation:

 

"This is Bug alias 451003 Client authentication with Chrome TLSv1.2, LTM SSL sent signature algorithms SHA1-RSA, SHA256-RSA, SHA384-RSA and SHA512-RSA in certificate request message but only SHA1-RSA is supported.

 

We advertise more signature algorithms than we are able to support, then chrome select an algoritm that we do not actually support, ad we end the ssl handshake. Chrome seems to select sha256 by default with tls1.2, if the server advertises it is capable of it.

 

This is fixed in 11.5.0 or later and the solution would be to upgrade BIGIP to 11.5.0 or later."