SSL Server Profile - Always Send Null Session ID in Client Hello

Question

I have a VirtualServer accepting TCP connections, with a server-side TLS connection to a media pool member.  I'd like the F5 to send TLS Client Hello with a Null Session ID every time it tries to open a new server-side connection.  Instead, it often offers an old SSL session id and my server sometimes simply sends TCP FIN if it doesn't recognize the SSL Session ID from the Client Hello.&nbsp;
If this were a Client SSL Profile, I could use the option "No session resumption on renegotiation".  I can't find a similar option for the SSL Server Profile.&nbsp;
Any ideas?&nbsp;

leonardo_souza · Answer

Have a look at the options Unclean Shutdown and Strict Resume.
I think this is the cause of the behaviour you have.&nbsp;
https://support.f5.com/csp/article/K14806&nbsp;

john_beckmann · Answer

Just set the SSL Session "Cache Size" to 0 and it will always set the Session ID to 0, as the cache is disabled. Or reduce the Cache Timeout. Default is 3600 seconds, so just make it lower than the timeout on the backend server.

Forum Discussion

SSL Server Profile - Always Send Null Session ID in Client Hello

2 Replies

Recent Discussions

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Related Content

F5 Server SSL Profile using TLS 1.0 instead of TLS 1.2

APM - Multiple sessions per single VS and APM profile/policy.

How can I configure Server SSL Profiles to connect to different URLs on the same server?

HTTPS communication and client and server ssl profile

Multiple Cookies/Sessions same endpoint