Symptoms
When using ClientSSL, client certificate authentication may fail if it is set to 'request' or 'require'.
Impact
SSL/TLS connections fail to establish for some clients on virtual servers that request or require client certificates.
Conditions
This occurs when the following conditions are met:
-- A ClientSSL profile exists on the virtual server.
-- The ClientSSL profile is configured with client certificate authentication set to 'request' or 'require'.
-- The client responds with a certificate signed by one of the following affected signature algorithms: SHA256-RSA (0x0401), SHA384-RSA (0x0501), or SHA512-RSA (0x0601).
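To check a captured handshake against these conditions, the following added example (not part of the original entry or the vendor's code) parses a TLS 1.2 CertificateRequest and reports which of the listed codes the server advertises. It assumes the codes above are TLS 1.2 SignatureAndHashAlgorithm values (RFC 5246) and that the CertificateRequest is the message to inspect; the function names and the sample message are constructed for illustration.

```python
import struct

# Codes listed under "Conditions" in this entry.
AFFECTED = {0x0401: "SHA256-RSA", 0x0501: "SHA384-RSA", 0x0601: "SHA512-RSA"}

def parse_certificate_request(msg):
    """Return the supported_signature_algorithms codes from a TLS 1.2
    CertificateRequest handshake message (RFC 5246, section 7.4.4)."""
    if len(msg) < 4 or msg[0] != 13:          # 13 = certificate_request
        raise ValueError("not a CertificateRequest handshake message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len or not body:
        raise ValueError("truncated handshake message")
    # certificate_types: one length byte followed by the type list.
    pos = 1 + body[0]
    if pos + 2 > len(body):
        raise ValueError("truncated before supported_signature_algorithms")
    # supported_signature_algorithms: two-byte length, then 2-byte codes
    # (first byte is the hash, second byte is the signature algorithm).
    (alg_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if alg_len % 2 or pos + alg_len > len(body):
        raise ValueError("malformed supported_signature_algorithms")
    return [c for (c,) in struct.iter_unpack("!H", body[pos:pos + alg_len])]

def affected_in(msg):
    """Names of the affected algorithms advertised in the message, in order."""
    return [AFFECTED[c] for c in parse_certificate_request(msg) if c in AFFECTED]

def build_sample(codes):
    """Build a constructed CertificateRequest: one certificate type
    (rsa_sign = 1), the given algorithm codes, and no certificate authorities."""
    algs = b"".join(struct.pack("!H", c) for c in codes)
    body = bytes([1, 1]) + struct.pack("!H", len(algs)) + algs + b"\x00\x00"
    return bytes([13]) + len(body).to_bytes(3, "big") + body

# Constructed sample: ECDSA-SHA256, SHA256-RSA, SHA384-RSA, SHA1-RSA.
SAMPLE = build_sample([0x0403, 0x0401, 0x0501, 0x0201])

if __name__ == "__main__":
    for name in affected_in(SAMPLE):
        print("advertised and affected:", name)
```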
Fix Information
Unsupported SHA algorithms have been removed, so SSL/TLS client certificate verification completes successfully.