BugZero | F5 BugID 451003 - SSL/TLS client certificate verification may fail d...

OPERATIONAL DEFECT DATABASE

...

BugZero | F5 BugID 451003 - SSL/TLS client certificate verification may fail d...

F5 - Defect ID: 451003

SSL/TLS client certificate verification may fail due to SHA algorithms that are advertised but not supported

F5 - Defect ID: 451003

SSL/TLS client certificate verification may fail due to SHA algorithms that are advertised but not supported

Last updated on April 28th, 2025

BugZero Risk Score
8.5 High

Overall: 8.5

Severity: 9.1

Community: 4.2

Lifecycle: 7.8

What is the BugZero Risk Score?

F5 Integration

Learn more about where this data comes from

F5 Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Priority: 2-Critical
Status: Not Verified
Impact Category: Local Traffic Manager

Description

Symptoms

When using ClientSSL, client certificate authentication may fail, if client certificate authentication is set to 'request' or 'require'.

Impact

SSL/TLS connections fail to establish for some clients on virtual servers that request or require client certificates.

Conditions

This occurs when the following conditions are met: -- A ClientSSL profile exists on the virtual server. -- The ClientSSL profile is configured with client certificate authentication set to 'request' or 'require.' -- The client responds with a certificate signed by one of the following affected signature algorithms: SHA256-RSA(0x0401), SHA384-RSA(0x0501), or SHA512-RSA(0x0601).

Workaround

None

Fix Information

Unsupported SHA algorithms have been removed, so SSL/TLS client certificate verification completes successfully.

Change history

2025-04-28 Added: 11.2.1, 11.3.0, 11.4.0, 11.4.1

Top F5 Defects

9.6Defect ID: 1496269
VCMP guest on version 16.1.4 or above might experience constant TMM crashes.
9.4Defect ID: 1407909
For E810 100G SR-IOV NICs, traffic disruption is seen with ICE driver v1.11.14 and NVM 4.20 combination.
9.4Defect ID: 970269
Install fails as lind keeps failing due to "Fatal error: block id new probe failed - device file:/dev/cdrom"
9.4Defect ID: 1785385
Intermittent traffic failures when tenant is running BIG-IP v17.1.2 or above and host is on version prior to F5OS-A 1.8.0 or F5OS-C 1.8.0
9.4Defect ID: 2122789
BIG-IP (i-series) goes offline after the upgrade - unable to access using SSH

F5 Integration

Learn more about where this data comes from

F5 Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

F5 - Defect ID: 451003

SSL/TLS client certificate verification may fail due to SHA algorithms that are advertised but not supported

F5 - Defect ID: 451003

SSL/TLS client certificate verification may fail due to SHA algorithms that are advertised but not supported

Last updated on April 28th, 2025

BugZero Risk Score8.5 High

Bug Details

Symptoms

Impact

Conditions

Workaround

Fix Information

Links

Top F5 Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
8.5 High