Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Bug ID 878641: "TLS1.3 certificate request message does not contain CAs" not fixed?

Rooti
Nimbostratus
Nimbostratus

‎09-Aug-2023 03:25

BigIP Version: 16.1.3.3

Hello community,

when trying to configure Client-Certificate-Authentication in a clientssl-profile with "Advertised Certificate Authorities" we found that with TLS1.3 the list is empty:

openssl s_client
=> No client certificate CA names sent
when using TLS1.2 it works:
=> Acceptable client certificate CA names
<list of CAs>

This looks exactly like https://cdn.f5.com/product/bugtracker/ID878641.html which lists just 15.x as affected and as fixed. Our box uses 16.1.3.3.
Could someone explain what that means? Versions 16.x are not known to be affected or "should" be fixed in 16.x as well? The KB https://my.f5.com/manage/s/article/K07245790 lists all versions as affected, however.

Can someone confirm the bug in versions 16.x?

Thanks!

Labels:
0 Kudos
3 REPLIES 3

Paulius
MVP
MVP

‎09-Aug-2023 05:26

@Rooti The easiest way to see if a bug exists for your device and the configuration it is running is to create a QKVIEW and upload it to iHealth. This could be a similar bug but slightly different so it has a different bug ID but this would absolutely show up in iHealth when you upload the QKVIEW.

0 Kudos

Rooti
Nimbostratus
Nimbostratus
In response to Paulius

‎09-Aug-2023 08:10

@PauliusThanks for the good advice. iHealth lists no Bugs regarding TLS1.3.

0 Kudos

LiefZimmerman
Community Manager
Community Manager

‎28-Aug-2023 13:52

@Rooti  - If your post was solved it would be helpful to the community to select *Accept As Solution*.
Thanks for being part of our community.

0 Kudos
Copyright © 2023 Khoros, LLC