Forum Discussion

Nimbostratus

Nov 16, 2005

bad ssl sessionid containing null byte

Hello Everybody, We have a problem replicating the SSL Proxy feature "SLL Client Session insertion" into http headers of a BIGIP v4 System into v9. The iRule does work but replac...

Nimbostratus

Nov 18, 2005

Hi unRuleY,

I think that would be worse.

If the client creates a 128Bit Session Id and there 16 Bit

missing that could mathematically

generate 65536 diffrent session that look like the same.

And thats bad bad for secure ecommerce (beside propper session handling)!

Regards,

Edi

P.S. Of corse we do _not_ rely on the ssl sessionid as a the only

session handler, but others may! Who knows what other side effects

this may cause!

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

bad ssl sessionid containing null byte

Recent Discussions

show system - attribute values

Upgrade F5 BIGIP

iRule: Failure to activate payload

APM integrate with Azure Intune

how to whitelist new source IP on F5 web UI access

Related Content

Knowledge sharing: Containers, Kubernetes, Openshift, F5 Container Connector, NGINX Ingress

Scale Multi-Cluster OpenShift Deployments with F5 Container Ingress Services

Deploying F5 NGINX Plus Graviton-powered Containers as AWS ECS Fargate Tasks

irule reject request when payload field is null

Distributing Traffic Between Platform Agnostic Container Environments with BIG-IP DNS

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS