Forum Discussion
xunil321_122934
Nimbostratus
NimbostratusClient cert for specific URIs: TLSv1.0 vs TLSv1.2
Dear all,
under 11.4.1 we are using an irule to require client cert
on specific URIs (visiting other pages clients are allowed to
proceed without any cert). When ONLY TLSv1.0 is enabl...
xunil321_122934Nimbostratus
NimbostratusThese are the last ssldump lines immediately after the client's attempt to access the protected URI:
...
New TCP connection 5: xxxx(55847) <-> yyyy(443)
5 1 1412679149.7406 (0.0041) C>SV3.3(193) Handshake
ClientHello
Version 3.3
random[32]=
54 33 c6 a0 2a 0a 52 ff 13 24 09 74 b5 95 17 88
68 75 bf 50 24 7f c5 89 71 ce 62 c9 51 7c 19 be
resume [32]=
0c b7 1f 97 75 da db 2c 08 55 48 df 89 a1 7d 4a
82 4d 06 98 66 b7 b5 13 45 6a f7 4b f7 0a c6 60
cipher suites
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5
compression methods
NULL
5 2 1412679149.7409 (0.0003) S>CV3.3(85) Handshake
ServerHello
Version 3.3
random[32]=
a7 1c 85 1c 2e 7e e6 ae 55 03 6e 2c 7b 5e d3 c4
fb 2c ee 93 60 de 5f ef 42 6f e2 49 f4 5c 9c 97
session_id[32]=
0c b7 1f 97 75 da db 38 08 55 48 df 89 a1 7c 4a
d5 b3 7b 29 31 49 cb 85 45 6a f7 4b f7 0a c6 61
cipherSuite TLS_RSA_WITH_AES_256_CBC_SHA
compressionMethod NULL
5 3 1412679149.7409 (0.0000) S>CV3.3(1357) Handshake
Certificate
5 4 1412679149.7409 (0.0000) S>CV3.3(4) Handshake
ServerHelloDone
