Forum Discussion
Clear SSL state
Certificate verification by the SSL Server has a simple iRule command like SSL::cert mode request and then SSL::renegotiate. As long as the client has a certificate this works great.
But if the client doesn't have any certificates, like they haven't inserted the Smart Card, SSL never succeeds and the client can't finish the SSL negotiation.
I'm trying to figure out if there's an iRule command I can use in an Event that allows me to reset the state of the connection until the client has a valid certificate.
The desired scenario is:
* There are no certificates available to the browser session initially.
* The user requests a web site that requires SSL client authentication.
* The user has no certificates and sees an error page to insert his smart card, with a meta refresh tag in the HTML.
* User inserts his smart card.
* Repeat meta refresh tag until certificates are available in the browser.
* When certificates are available, the user is prompted for his smart card PIN.
Sacrificing brevity. I've tried to loop through the events with a counter at the top. If the client doesn't have the cert, I can get the meta-refresh working with the HTTP::response 200 content, but the browser never tries to renegotiate with the newly available certificates. In between the loops the iRule does another SSL::cert request SSL::renegotiate. Wireshark shows a new TCP session, new ephemeral ports on the clients, and I see the TLS hello handshake. But it doesn't work.
Only if I use the IE button to "Clear SSL State" then wait for the next meta-refresh to finish, it works as expected.
