Forum Discussion
Kevin_Stewart
Sep 23, 2018
Employee
The BIG-IP has been able to support mutual auth from the beginning. But of course TLSv1.2 didn't come until later. Mutual auth and TLSv1.2 are different things though, and MA is generally irrespective of the TLS version (except for maybe digital signature SHA version support).
The best place to start is with an ssldump capture:
ssldump -AdNn -i [client side VLAN] port 443
This will tell you exactly when the connection is breaking. And if it is breaking immediately after the client's cert message, it typically implies that the server doesn't like the cert, not that TLS has anything to do with it (because the TLS parameters were chosen in the ServerHello message).
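The triage rule in the post above can be applied mechanically to a saved capture. The following is an added example, not part of the original post: the `diagnose` helper is hypothetical, and the sample text is constructed to approximate ssldump's record layout rather than taken from a real capture.

```python
import re
# Constructed sample approximating ssldump output (addresses/timings are made up).
SAMPLE = """\
1 1  0.0011 (0.0011)  C>S  Handshake
      ClientHello
        Version 3.3
1 2  0.0023 (0.0012)  S>C  Handshake
      ServerHello
1 3  0.0023 (0.0000)  S>C  Handshake
      Certificate
      CertificateRequest
      ServerHelloDone
1 4  0.0051 (0.0028)  C>S  Handshake
      Certificate
1 5  0.0058 (0.0007)  S>C  Alert
    level           fatal
    value           unknown_ca
"""

HANDSHAKE = {"ClientHello", "ServerHello", "Certificate", "CertificateRequest",
             "ServerKeyExchange", "ServerHelloDone", "ClientKeyExchange",
             "CertificateVerify", "Finished"}
# Assumed record header: conn#, record#, time, (delta), direction, record type.
RECORD = re.compile(r"^\d+\s+\d+\s+[\d.]+\s+\([\d.]+\)\s+([CS]>[CS])\s+(\S+)")

def diagnose(dump):
    """Return (last handshake message, alert value, verdict) for the first fatal alert."""
    direction = rtype = last = None
    seen_server_hello, alert = False, {}
    for line in dump.splitlines():
        rec, words = RECORD.match(line), line.split()
        if rec:
            if alert.get("level") == "fatal":
                break  # the fatal alert is complete; later records are irrelevant
            direction, rtype, alert = rec.group(1), rec.group(2), {}
        elif rtype == "Handshake" and len(words) == 1 and words[0] in HANDSHAKE:
            last = (direction, words[0])
            seen_server_hello |= words[0] == "ServerHello"
        elif rtype == "Alert" and len(words) == 2 and words[0] in ("level", "value"):
            alert.update({words[0]: words[1], "from": direction})
    if alert.get("level") != "fatal":
        return last, None, "no fatal alert seen"
    if last == ("C>S", "Certificate") and alert["from"] == "S>C":
        verdict = "server rejected the client certificate"
    elif not seen_server_hello:
        verdict = "failed before ServerHello: TLS parameter negotiation"
    else:
        verdict = "failed elsewhere in the handshake"
    return last, alert.get("value"), verdict
```

Running `diagnose(SAMPLE)` reports the client `Certificate` message as the last handshake step before the server's fatal alert, which is the case the post attributes to the certificate rather than the TLS version.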