For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Joshua_Rasnier's avatar
Joshua_Rasnier
Icon for Nimbostratus rankNimbostratus
Mar 04, 2014

Forcing full ssl handshake

Hi guys,

 

I got serverside ssl working between F5 and two poolmembers. We have come across a requirement in which we need to have all ssl sessions to be negotiating via a full ssl handshake.

 

Does anyone know how I can make it do full ssl handshake for each and every session? Currently the F5 is doing a full ssl handshake at the start. Then resume handshakes are used for each and every session between F5 and pool member after the full handshake.

 

application delivery
BIG-IP Access Policy Manager (APM)
deployment
design
devops
iRules
security

2 Replies

  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    Mar 04, 2014

    Would the following do it for you:

     

    • Disable oneconnect;

       

    • Set cache size to 0 and enable "Strict Resume" in your SSL profile

       

    ?

     

    But your service will be crawling after this. :-)

     

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Mar 04, 2014

    i doubt it will be crawling.

     

    you could also just close the SSL and TCP session from an irule at the point when it is needed.