adharkrader
Apr 01, 2017Nimbostratus
Can I reply with an SSL alert when validating client certificate?
I have an iRule that validates client certs against a data group. Currently, if they don't match, I send a Reject (TCP RST). Problem is that the calling browsers retry... I've seen up to 9 retries. Is there a way to reply with an actual SSL Alert message from RFC5246?
I saw Hoolio's iRule that delays the response until the first HTTP_REQUEST but I'd like to abort the session right at the handshake, if I can send something marginally informative back to the caller.
Thanks - Al