Forum Discussion

Altostratus

Mar 26, 2014

Differentiate between client-initiated and server-initiated SSL renegotiations

Hi! I'm trying to configure my F5 LTM 11.3 to be able to allow server-initiated SSL renegotiations but reject client-initiated SSL renegotiations. In the clientssl profile I've configured a rene...

Historic F5 Account

Mar 27, 2014

OK..

Maybe look at

Mitigating the THC SSL DoS Threat
http://devcentral.f5.com/weblogs/macvittie/archive/2011/10/28/f5-friday-mitigating-the-thc-ssl-dos-threat.aspx

and

SSL Renegotiation DOS attack – an iRule Countermeasure : 
https://devcentral.f5.com/articles/ssl-renegotiation-dos-attack-ndash-an-irule-countermeasure

and here

SSL Renegotiation, Execution Halting and HTTP Rewriting : 
https://devcentral.f5.com/articles/20-lines-or-less-49-ssl-renegotiation-execution-halting-and-http-rewriting

I am sure these might be able to assist

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Differentiate between client-initiated and server-initiated SSL renegotiations

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

SSL Legacy Renegotiation vs Secure Renegotiation Explained using Wireshark

SSL Profiles Part 6: SSL Renegotiation

LTM Diameter iRules and Profile Configurations with Support for Server Initiated Request

SSL 3.0.7 - Unsafe legacy renegotiation disabled on client side

Re: SSL Renegotiation DOS attack – an iRule Countermeasure

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS