- BIG-IP 9.3.1 Build 69.0
- we have reproduced renegotiation requests using web sites such as this https://www.ssllabs.com/ssldb/
- the iRule we're using is as follows (it's basically a cut/paste from the bottom of http://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html)...

when CLIENT_ACCEPTED {
    # initialize TLS/SSL handshake count for this connection
    set sslhandshakecount 0
}
when CLIENTSSL_HANDSHAKE priority 1 {
    # a handshake just occurred
    incr sslhandshakecount
    # is this the first handshake in this connection?
    if { $sslhandshakecount > 1 } {
        # log the event (to /var/log/tmm)
        log "\[VS [IP::local_addr]:[TCP::local_port] client [IP::remote_addr]:[TCP::remote_port]\]:TLS/SSL renegotiation"
        # if not, close the clientside connection
        reject
    }
}
- we cannot easily change the logging to local0.info as this particular BIG-IP cluster is in a managed environment (strict change control, 8 day lead time, etc.)
any ideas as to why it's not logging?
thanks
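As an added example (not F5 code and not from the post above), the following Python replays the iRule's per-connection counter over a constructed stream of CLIENT_ACCEPTED / CLIENTSSL_HANDSHAKE events, so the exact log line it should emit is visible without a BIG-IP, and then scans a constructed /var/log/ltm excerpt for that message to confirm whether the rule is actually logging. The event tuples, the "ip:port" address strings, the rule name `limit_reneg` and the syslog prefix in the sample log are all assumptions made for the example.

```python
import re
from collections import Counter

# The iRule's log statement escapes the outer brackets ("\[" and "\]"), so the
# message that reaches the log is literally:
#   [VS <local_ip>:<local_port> client <remote_ip>:<remote_port>]:TLS/SSL renegotiation
# This regex finds that message anywhere in a log line, whatever syslog prefix precedes it.
RENEG_RE = re.compile(
    r"\[VS (?P<vs>[\d.]+:\d+) client (?P<client_ip>[\d.]+):(?P<client_port>\d+)\]"
    r":TLS/SSL renegotiation"
)


def run_irule(events):
    """Replay connection events through the iRule's logic.

    events: iterable of (event_name, conn_id, vs_addr, client_addr), where
    event_name is "CLIENT_ACCEPTED" or "CLIENTSSL_HANDSHAKE" and the addresses
    are "ip:port" strings standing in for IP::local_addr/TCP::local_port and
    IP::remote_addr/TCP::remote_port.  Returns (log_lines, rejected_conn_ids).
    """
    handshake_count = {}   # per-connection $sslhandshakecount
    log_lines = []
    rejected = []
    for name, conn, vs, client in events:
        if name == "CLIENT_ACCEPTED":
            handshake_count[conn] = 0                              # set sslhandshakecount 0
        elif name == "CLIENTSSL_HANDSHAKE":
            if conn in rejected:
                continue                                           # connection already closed
            handshake_count[conn] = handshake_count.get(conn, 0) + 1   # incr sslhandshakecount
            if handshake_count[conn] > 1:                          # not the first handshake
                log_lines.append(f"[VS {vs} client {client}]:TLS/SSL renegotiation")  # log
                rejected.append(conn)                              # reject
    return log_lines, rejected


def count_renegotiations(log_text):
    """Count renegotiation log entries per client IP in /var/log/ltm-style text."""
    per_client = Counter()
    for line in log_text.splitlines():
        m = RENEG_RE.search(line)
        if m:
            per_client[m.group("client_ip")] += 1
    return dict(per_client)


# Constructed event stream: connection A does one normal handshake, connection B
# renegotiates once, connection C attempts to renegotiate twice (the second attempt
# never reaches the rule on a real box because the connection was already rejected).
SAMPLE_EVENTS = [
    ("CLIENT_ACCEPTED", "A", "10.0.0.1:443", "192.0.2.10:51000"),
    ("CLIENTSSL_HANDSHAKE", "A", "10.0.0.1:443", "192.0.2.10:51000"),
    ("CLIENT_ACCEPTED", "B", "10.0.0.1:443", "192.0.2.20:52000"),
    ("CLIENTSSL_HANDSHAKE", "B", "10.0.0.1:443", "192.0.2.20:52000"),
    ("CLIENTSSL_HANDSHAKE", "B", "10.0.0.1:443", "192.0.2.20:52000"),
    ("CLIENT_ACCEPTED", "C", "10.0.0.1:443", "192.0.2.30:53000"),
    ("CLIENTSSL_HANDSHAKE", "C", "10.0.0.1:443", "192.0.2.30:53000"),
    ("CLIENTSSL_HANDSHAKE", "C", "10.0.0.1:443", "192.0.2.30:53000"),
    ("CLIENTSSL_HANDSHAKE", "C", "10.0.0.1:443", "192.0.2.30:53000"),
]

# Constructed /var/log/ltm excerpt; the syslog prefix and rule name are illustrative.
SAMPLE_LTM_LOG = """\
Jan  1 12:00:00 bigip1 info tmm[1234]: Rule limit_reneg <CLIENTSSL_HANDSHAKE>: [VS 10.0.0.1:443 client 192.0.2.20:52000]:TLS/SSL renegotiation
Jan  1 12:00:01 bigip1 info tmm[1234]: Rule limit_reneg <CLIENTSSL_HANDSHAKE>: [VS 10.0.0.1:443 client 192.0.2.30:53000]:TLS/SSL renegotiation
Jan  1 12:00:02 bigip1 notice tmm[1234]: unrelated message that must not match
Jan  1 12:00:03 bigip1 info tmm[1234]: Rule limit_reneg <CLIENTSSL_HANDSHAKE>: [VS 10.0.0.1:443 client 192.0.2.20:52100]:TLS/SSL renegotiation
"""

if __name__ == "__main__":
    lines, closed = run_irule(SAMPLE_EVENTS)
    for line in lines:
        print("would log:", line)
    print("rejected connections:", closed)
    print("renegotiations per client in sample log:", count_renegotiations(SAMPLE_LTM_LOG))
```

If `count_renegotiations` run over the real /var/log/ltm returns an empty dict while the simulation shows the rule would have logged, the rule either never fires (no second handshake reached CLIENTSSL_HANDSHAKE) or its output is going to a different destination than the one being checked.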