Forcing full ssl handshake

Question

Hi guys,&nbsp;
I got serverside ssl working between F5 and two poolmembers. We have come across a requirement in which we need to have all ssl sessions to be negotiating via a full ssl handshake. &nbsp;
Does anyone know how I can make it do full ssl handshake for each and every session? Currently the F5 is doing a full ssl handshake at the start. Then resume handshakes are used for each and every session between F5 and pool member after the full handshake. &nbsp;

jg · Answer

Would the following do it for you:&nbsp;

Disable oneconnect;&nbsp;

Set cache size to 0 and enable "Strict Resume" in your SSL profile&nbsp;

?&nbsp;
But your service will be crawling after this. :-)&nbsp;

boneyard · Answer

i doubt it will be crawling.&nbsp;
you could also just close the SSL and TCP session from an irule at the point when it is needed.&nbsp;

Forum Discussion

Forcing full ssl handshake

2 Replies

Recent Discussions

Geo Fence in ASM through irule for URI

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Related Content

Disk space full

/var full

What are You a Force For?

SSL Profiles Part 1: Handshakes

TCP Internals: 3-way Handshake and Sequence Numbers Explained