
Client cert auth and TLS1.3

Vladimir_Shishk
Altocumulus

Good day.

I have an SSL site with Client Cert Auth enabled (Client certificate request, frequency once).

I'm trying to get access to this site with a PKI card via Mozilla and Chrome.

When I enable TLS1.3 (option "no TLSv1.3" in client ssl-profile is disabled), I receive only a certificate request, but don't get a PIN prompt and then have an ERR_SSL_CLIENT_AUTH_NO_COMMON_ALGORITHMS error.

: Connection error: ssl_hs_rx_tls13_cert:3672: alert(46) no certificate

When I disable TLS1.3 (option "no TLSv1.3" is enabled), I receive a certificate request, then enter the PIN, and after that I have access to the website via TLS1.2.

 

What should I do to have TLS1.3 access to this site?

Thank you.

3 REPLIES

Lidev
MVP

Hi,

What does /var/log/ltm say when the connection error appears?

 

Regards

Jul 7 14:59:40 host1 warning tmm[20902]: 01260009:4: client1%1:1029 -> server1%1:443: Connection error: ssl_codec_rx:2314: alert(46) received alert
Jul 7 14:59:40 host1 warning tmm[20902]: 01260013:4: SSL Handshake failed for TCP client1%1:1029 -> server1%1:443
Jul 7 14:59:43 host1 warning tmm3[20902]: 01260009:4: client1%1:32621 -> server1%1:443: Connection error: ssl_codec_rx:2314: alert(46) received alert
Jul 7 14:59:43 host1 warning tmm3[20902]: 01260013:4: SSL Handshake failed for TCP client1%1:32621 -> server1%1:443
Jul 7 14:59:44 host1 warning tmm[20902]: 01260013:4: SSL Handshake failed for TCP client1%1:8457 -> server1%1:443
Jul 7 14:59:46 host1 warning tmm2[20902]: 01260009:4: client1%1:4606 -> server1%1:443: Connection error: ssl_codec_rx:2314: alert(40) received alert
Jul 7 14:59:46 host1 warning tmm2[20902]: 01260013:4: SSL Handshake failed for TCP client1%1:4606 -> server1%1:443
Jul 7 15:00:21 host1 warning tmm1[20902]: 01260009:4: client1%1:33624 -> server1%1:443: Connection error: ssl_codec_rx:2314: alert(42) received alert
Jul 7 15:00:21 host1 warning tmm1[20902]: 01260013:4: SSL Handshake failed for TCP client1%1:33624 -> server1%1:443
Jul 7 15:00:28 host1 warning tmm[20902]: 01260009:4: client1%1:1036 -> server1%1:443: Connection error: ssl_codec_rx:2314: alert(80) received alert
Jul 7 15:00:28 host1 warning tmm[20902]: 01260013:4: SSL Handshake failed for TCP client1%1:1036 -> server1%1:443

 

OK, you are facing SSL Handshake failed.

Take a look at this topic: https://devcentral.f5.com/s/question/0D51T00006j29t9/ssl-handshake-failed-for-tcp

It covers all you need to debug this kind of error (disable Generic Alert on the ClientSSL profile, set 'Cache Size' to 0, decrypt the TLS handshake with tcpdump/SSLdump).
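
The /var/log/ltm excerpt in this thread mixes several alert codes. As an added example (not part of the original thread and not F5 tooling), the Python below groups the `01260009` connection errors by TLS alert name from RFC 8446 and lists `01260013` handshake failures that have no alert logged for the same flow. The sample log is constructed from the format shown in the thread, and `triage` is a hypothetical helper name.

```python
import re
from collections import Counter

# TLS alert descriptions (RFC 8446, section 6); subset relevant to handshakes.
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate",
              43: "unsupported_certificate", 44: "certificate_revoked",
              45: "certificate_expired", 46: "certificate_unknown",
              48: "unknown_ca", 70: "protocol_version",
              80: "internal_error", 116: "certificate_required"}

# 01260009 "Connection error" entries, in the format shown in the thread.
CONN_ERR = re.compile(
    r"01260009:\d+: (?P<client>\S+) -> (?P<server>\S+): Connection error: "
    r"\w+:\d+: alert\((?P<code>\d+)\)")
# 01260013 "SSL Handshake failed" entries.
HS_FAIL = re.compile(
    r"01260013:\d+: SSL Handshake failed for TCP (?P<client>\S+) -> (?P<server>\S+)")

# Constructed sample, modeled on the log lines posted in the thread.
SAMPLE_LOG = """\
Jul 7 14:59:40 host1 warning tmm[20902]: 01260009:4: client1%1:1029 -> server1%1:443: Connection error: ssl_codec_rx:2314: alert(46) received alert
Jul 7 14:59:40 host1 warning tmm[20902]: 01260013:4: SSL Handshake failed for TCP client1%1:1029 -> server1%1:443
Jul 7 14:59:44 host1 warning tmm[20902]: 01260013:4: SSL Handshake failed for TCP client1%1:8457 -> server1%1:443
Jul 7 14:59:46 host1 warning tmm2[20902]: 01260009:4: client1%1:4606 -> server1%1:443: Connection error: ssl_codec_rx:2314: alert(40) received alert
Jul 7 14:59:46 host1 warning tmm2[20902]: 01260013:4: SSL Handshake failed for TCP client1%1:4606 -> server1%1:443
"""

def triage(log_text):
    """Count alerts by (code, name); list failed flows with no alert logged."""
    alerts, alerted, failed = Counter(), set(), []
    for entry in log_text.splitlines():
        m = CONN_ERR.search(entry)
        if m:
            code = int(m["code"])
            alerts[(code, TLS_ALERTS.get(code, "unassigned_or_unknown"))] += 1
            alerted.add((m["client"], m["server"]))
        else:
            m = HS_FAIL.search(entry)
            if m:
                failed.append((m["client"], m["server"]))
    # Flows that failed the handshake but never logged an alert code.
    unexplained = [flow for flow in failed if flow not in alerted]
    return alerts, unexplained

if __name__ == "__main__":
    counts, unexplained = triage(SAMPLE_LOG)
    for (code, name), n in sorted(counts.items()):
        print(f"alert({code}) {name}: {n}")
    print("handshake failures without a logged alert:", unexplained)
```

Flows that show up only in the second list are the ones where a packet capture of the handshake is needed, since the log alone gives no alert code for them.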