For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

merill_60420's avatar
merill_60420
Icon for Nimbostratus rankNimbostratus
Dec 07, 2010

Can't resume SSL sessions

I've configured SSL termination for my application (Oracle AS - SSO) at my BigIP device (v10.1.0). I'm using the default tcp, http, and clientssl profiles. After implementing this, I've noticed that ...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Dec 07, 2010
Hi Merill,

 

 

SSL session reuse should be independent of the TCP connections as clients can resume a session on a new TCP connection.

 

 

I'm not sure why you'd see this with a default client SSL profile as LTM should cache sessions. Has the default client SSL profile been modified? What is the Cache Size set to?

 

 

You can test whether LTM is allowing reuse using opessl:

 

 

from: http://royontechnology.blogspot.com/2008/01/how-to-find-out-if-server-supports-ssl.html

 

 

openssl s_client -reconnect -state -prexit -connect ServerURL

 

 

Assuming the openssl test shows support for session resumption, maybe there's an error happening on the initial session which triggers LTM to remove the session from its cache? It's a stab in the dark.

 

 

It would probably be fastest to open a support case on this to get help troubleshooting the issue.

 

 

Aaron