Forum Discussion

Nimbostratus

Sep 03, 2010

SSL connect time diffs between domains (VIPs)

I serve HTTPS content from two different domains and each domain name corresponds to a VIP. What I'm seeing is the SSL connect time from one domain is about twice that of the other domain. N...

Nimbostratus

Sep 27, 2010

So here's the deal. The VIP with the longer SSL time is not doing the SSL handshake correctly at least half the time.

The Server Hello response from the F5 is coming back with 1 of 2 Session IDs. Every other time there is an SSL handshake to this VIP it has to do a full-handshake because the Session ID sent in the Client Hello request does not match what's coming back from the F5. The Client Hello always uses the same Session ID.

This means it's having to do a full-hanshake every other time to one VIP. I do not see this behavior with the other VIP.

Forum Discussion

SSL connect time diffs between domains (VIPs)

Recent Discussions

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Enriching AFM with public domain Threat Intelligence

domain blocking

Securely connecting Kubernetes Microservices with F5 Distributed Cloud

Troubeshooting website connection

F5 Connection Mirroring question