Forum Discussion

MVP

Mar 10, 2013

ssl::renegotiate changes SSL session ID and makes it impossible to resume?

when calling ssl::renegotiate (in v11.2 / 11.3) it seems that the SSL session ID changes (very slightly, gets +1 somewhere near 2/3s) and can't be used anymore by new resume requests that request in ...

MVP

Mar 21, 2013

im doing the usual requesting a client certificate from the irule without having the put the ssl client side profile on request.

because of the failure to request the new SSL session id certain tcp session are using a different SSL session id which isn't authorized within the irule to access the protected resources.

this can be solved with using a cookie, but i just want to understand why the F5 doesn't honor the request for an, in my opinion, valid SSL session id.

Forum Discussion

ssl::renegotiate changes SSL session ID and makes it impossible to resume?

Recent Discussions

Big-IP Next 20.2.0-2.375.1+0.0.43 iRule count problem

URL

Problems connecting to vpn after upgrading to ubuntu 24.04

Wildcard SSL Certificate Deployment on F5 LTM

iRule resulting in too many redirects

Related Content

SSL Legacy Renegotiation vs Secure Renegotiation Explained using Wireshark

SSL Profiles Part 6: SSL Renegotiation

SSL 3.0.7 - Unsafe legacy renegotiation disabled on client side

Re: SSL Renegotiation DOS attack – an iRule Countermeasure

SSL renegotiation DOS mitigation