For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Janez's avatar
Janez
Icon for Nimbostratus rankNimbostratus
Jan 23, 2020

SSL Handshake failed - client certificate authentication and also without certificate

Hello,   I have question. We have plan to migrate web app which have 2 different type authentication. One is with without cerificate and secont autentication is with certificate. I did custom cli...
application delivery
ASM Advanced WAF
LTM
security
Janez's avatar
Janez
Icon for Nimbostratus rankNimbostratus
Jan 27, 2020

Hello,

 

Proxy SSL is problem because customer use ECDHE or any ciphers with Perfect Forward Secrecy.

 

Here is client profile:

 

ltm profile client-ssl /Common/client-SSL {

  app-service none

  ca-file /Common/Cert.crt

  cert /Common/Cert.crt

  cert-key-chain {

    Cert_chain {

      cert /Common/Cert.crt

      chain /Common/Cert_CA.crt

      key /Cert-Key.key

    }

  }

  chain /Common/Common/Cert_CA.crt

  cipher-group none

  ciphers DEFAULT

  defaults-from /Common/clientssl

  inherit-certkeychain false

  key /Common/Cert-Key.key

  passphrase none

  peer-cert-mode request

  ssl-c3d enabled

}

 

And Server profile:

 

ltm profile server-ssl /Common/Server-SSL {

  app-service none

  c3d-ca-cert /Common/Cert.crt

  c3d-ca-key /Common/Cert-Key.key

  cert /Common/Cert.crt

  defaults-from /Common/serverssl

  key /Common/Cert-Key.key

  ssl-c3d enabled

 

Thanks and regards,

Janez