Forum Discussion

kash_49328's avatar
kash_49328
Icon for Nimbostratus rankNimbostratus
Dec 16, 2014

Can somebody help me to write irule to modify SSL handshake time out for a particular client?

SO i have a strange problem with SSL handshake time out exceeded with a particular client. I was thinking about rather than increasing time out in SSL profile can i write an irule to modify the SSL connection behavior from that client? Is it even possible?

 

application delivery
cisco
devops
iRules
LTM

1 Reply

  • Amit_Karnik's avatar
    Amit_Karnik
    Icon for Nimbostratus rankNimbostratus
    Dec 18, 2014

    Yes this is possible. But instead of trying to change 1 parameter for a specific source-IP, it is easier to do it this way

     

    1. Define a new SSL profile with customized parameters lets say clientssl_slowclients.
    2. Keep the virtual with the existing SSL profile.

    3. In the irule, assign this SSL profile once you determine that it is a slow client.

       

      when CLIENT_ACCEPTED { if { [client_addr] ... ur checks } { SSL::profile clientssl_slowclients } }