Forum Discussion

Nimbostratus

Jan 04, 2012

iRule SSL handshake doesn't run in 10.2.0

I have many problems with my irule. I have a BIG-IP in version 9.4.8 and the irule must connect to virtual server in https, there are profile ssl client wich generate a first certificat wil...

Cirrostratus

Jan 04, 2012

You're attempting to add the client's certificate to the session table every time an SSL handshake is completed and the client's session ID isn't already in the SSL session cache. This will fail with a runtime TCL error if the client tries to resume an existing session, after the TMM session expires, but doesn't include the client cert.

If you want to insert the details for a cert in the HTTP headers, you can use an iRule like this instead:

http://devcentral.f5.com/wiki/iRules.InsertCertInServerHeaders.ashx

This iRule accounts for the change in behavior that Nitass described for SSL::sessionid.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

iRule SSL handshake doesn't run in 10.2.0

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Why does SSLO not support ACTIVE-ACTIVE mode deployments？

Failed to set RDP launch token timeout

Horizon View iApp - Big-IP 17.5

r4600 Tenant CPU Assignment

master key file on vcmp guest HA Cluster different?

Related Content

TCP Internals: 3-way Handshake and Sequence Numbers Explained

SSL Profiles Part 1: Handshakes

Restricting number of concurrent TLS handshakes using Max Active Handshakes on BIG-IP

HTTPS - Monitor SSL Handshake

TCP 3-WAY Handshake vs TCP Half-Open

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS