Forum Discussion

Nimbostratus

Mar 06, 2015

Impact of disabling Secure Renegotiation

Currently my customer would like to disable Secure Renegotiation in client SSL profile since they found the report from sslab indicated there was a risk of DoS attack in secure renegotiation. May I ...

Nimbostratus

Mar 09, 2015

Sure you can disable the SSL secure renegotiation, but there are some downsides in doing that.

Article explaining the difference: (if you have some time to read)

https://devcentral.f5.com/articles/ssl-profiles-part-6-ssl-renegotiation

Alternative solution with an iRule:

https://devcentral.f5.com/articles/ssl-renegotiation-dos-attack-ndash-an-irule-countermeasure

What ever solution you prefer, always best to test in a staging environment before implementing in production. If there's no staging environment available, try implementing the changes outside peak hours.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)