
PicassoMendez
Aug 15, 2013

Change Renegotiate Period

Currently I have an iRule that finds a URI and sends it to a specific pool. Now I also need to change the certificate Renegotiate Period for a particular URI. Is that possible, and if so, does anyone know the command to accomplish this?

 

1 Reply

  • I don't believe that's going to be an easy task, but there are a few very good reasons why (and I'm assuming you mean CLIENT SIDE SSL):

     

    1. There's not a way to change the Renegotiation Period of an SSL profile with an iRule, so you'd necessarily have to switch between different profiles in the iRule. See: SSL::profile command

       

    2. SSL negotiation happens BEFORE HTTP is evaluated, so a) you wouldn't be able to switch the profile based on a URI (it'd be too late by then), and b) any subsequent requests wouldn't be able to specify which profile to use, because the URI hadn't been evaluated yet. You can certainly switch SSL profiles based on client source address (layer 3), but not on an HTTP attribute (layer 7).

       

    If, however, you could guarantee unique client source addresses, you could potentially map the URI, SSL profile, and source address in a table so that subsequent requests would know which profile to use based on the source address. Also, potentially, you could host the SSL profiles on separate VIPs with different host names, and use an HTTP iRule to redirect between them based on the URI.
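
The source-address mapping described in the reply above, sketched as an iRule. This is an added example, not code from the original thread; the profile name `/Common/clientssl_short_reneg`, the URI prefix `/secure`, the subtable name `reneg_by_src` and the 300-second timeout are all assumptions.

```tcl
# Added example. Hypothetical names:
#   /Common/clientssl_short_reneg  client SSL profile with the shorter Renegotiate Period
#   /secure                        URI prefix that should get that profile
#   reneg_by_src                   session subtable keyed by client source address
# Assumes every client has a unique source address. Clients behind a shared
# NAT or proxy would all inherit whichever profile was recorded for that address.

when CLIENT_ACCEPTED {
    # Fires before the TLS handshake, so only layer 3/4 data is available.
    set profile [table lookup -subtable reneg_by_src [IP::client_addr]]
    if { $profile ne "" } {
        # An earlier request from this address hit the special URI:
        # select the alternate client SSL profile for this handshake.
        SSL::profile $profile
    }
}

when HTTP_REQUEST {
    # The handshake for this connection is already complete, so its profile
    # cannot be changed here. Record the choice so the NEXT connection from
    # the same source address picks it up in CLIENT_ACCEPTED.
    if { [HTTP::uri] starts_with "/secure" } {
        # Entry expires after 300 seconds without being touched (assumed value).
        table set -subtable reneg_by_src [IP::client_addr] "/Common/clientssl_short_reneg" 300
    }
}
```

Requests that reuse an existing keep-alive connection stay on the profile negotiated when that connection was opened; only new connections from the recorded address get the alternate profile.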