Forum Discussion

Richard_Jones's avatar
Richard_Jones
Icon for Nimbostratus rankNimbostratus
Jan 23, 2015

'SSL::disable serverside' not working

I'm working on an iRule that uses a switch statement to send traffic to various pools. The virtual server is configured with clientssl and serverssl. I'm trying to use 'SSL::disable serverside' in one block of the switch statement, however the BIG-IP is still trying to perform a serverside SSL handshake to the port 80 pool member, which obviously fails.

 

The virtual server is configured with OneConnect, AVR, ASM, and a rewrite profile, in addition to the standard clientssl, serverssl, and HTTP profiles. Using 'LB::detach', 'AVR::disable', and 'ASM::disable' (all together or individually) doesn't make any difference.

 

Does anyone know why the BIG-IP is still trying a serverside SSL handshake, even though 'SSL::disable serverside' is being used? I'm truly stumped on this one...

 

TIA!

 

application delivery
deployment
devops
iRules

5 Replies

Sort By
  • Michael_Jenkins's avatar
    Michael_Jenkins
    Icon for Cirrostratus rankCirrostratus
    Jan 23, 2015

    Are you sure that the ssl::disable is being executed? Seems like a strange issue. Do you have logging in your iRule to verify everything's happening as you expect?

     

  • Richard_Jones's avatar
    Richard_Jones
    Icon for Nimbostratus rankNimbostratus
    Jan 23, 2015

    @Michael - Yes, I'm sure the command was being executed, as I have logging below the command that was working. I agree, this was a very strange issue that I haven't experienced before.

     

    @Brad - Using SERVER_CONNECTED instead of HTTP_REQUEST is the solution I found as well.

     

    Thanks for your replies, but I was able to figure out a solution.

     

    Instead of calling 'SSL::disable serverside' in HTTP_REQUEST, I'm now setting a variable to 1, then checking that variable in SERVER_CONNECTED. If the variable is 1, then disable serverside SSL.

     

    I don't know why it wasn't working in HTTP_REQUEST (as I've done that for years), but this solution seems to work for me.

     

    Thanks again!

     

  • Robert_47833's avatar
    Robert_47833
    Icon for Altostratus rankAltostratus
    Apr 13, 2015

    I met similar issue before. and use sever side ssl disable in SERVER_CONNECTED event instead of HTTP_REQUEST solved the problem not sure the exact why....