Mutual TLS: accepting sha256 / rsa client certs

Question

We have an F5 setup to use mutual TLS (requesting the client's cert) for some SSL/TLS sites.&nbsp;
The client only has a SHA256 cert. The client can do Mutual TLS with an Apache server but not with the F5 server.&nbsp;
We've traced the problem to the TLS Handshake CERTIFICATE_REQUEST sent by the F5 to the client. It differs from the one sent by the Apache server. &nbsp;
The F5 CERTIFICATE_REQUEST only specs (accepts) one pair of HashAlgorithm / SignatureAlgorithm: 02 01 - sha1 / rsa&nbsp;
==&gt;&gt; How can we set the F5 so it will also accept sha256/rsa client certs?&nbsp;
(I'm an F5 newbie, thanks in advance for providing details.)&nbsp;

leonardo_souza · Answer

You can change the allowed ciphers in the clientssl profile.&nbsp;
This is the solution for v12:&nbsp;
https://support.f5.com/csp/article/K17370&nbsp;
This solutions have multiple links you may use about SSL:&nbsp;
https://support.f5.com/csp/article/K8802&nbsp;

Forum Discussion

Mutual TLS: accepting sha256 / rsa client certs

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

What is Mutual TLS (mTLS)?

use irule to sign data using sha256

Geolocation accept per url path

Verifying Slack Requests with Mutual TLS

Difference between Insert X-Forwarded-For and Accept XFF?