Migrating from CSS to F5

Question

Hello All- We are in the process of migrating from CSS to F5. We termiate ssl on CSS and have the following addition config to insert ssl session info in the http header back to the web server. CSS to web server is http in this case and ssl terminates on the css&nbsp;
&nbsp;ssl-server 20 http-header session &lt;---insert ssl session info (not sure what info exactly, can't find more info on cisco site)
&nbsp;and
&nbsp;ssl-server 20 http-header insert-per-request 
&nbsp;i can't figure out how this translates to f5. i tried this irule and it didn't work, so it's probably more than just the session id that it's looking for. &nbsp;
&nbsp;when HTTP_REQUEST {
&nbsp; HTTP::header insert [SSL::modssl_sessionid_headers] 
&nbsp;} &nbsp;
&nbsp;does anyone has any idea how to do this?&nbsp;
&nbsp;Thanks
&nbsp;Andy

chris_miller · Answer

Exactly what SSL info are you trying to insert? 
&nbsp;  
&nbsp; Based on this cisco doc: 
&nbsp;  
&nbsp; http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.40/configuration/ssl/guide/terminat.htmlwpmkr1031927 
&nbsp;  
&nbsp; Looks like you're currently inserting "cipher name, cipher key size, cipher use size, session protocol version, sessionid, and session verify result?"

ac32f5_4938 · Answer

whatever is currently being inserted, i need to insert the exact same info..

chris_miller · Answer

Just to make sure, you're terminating SSL (using a client SSL profile) on your F5 Virtual Server, right? The iRule you tried definitely seems to be on the right track.

ac32f5_4938 · Answer

yes we are terminating on F5. this iRule only inserts session_id..i have to figure out how to insert the rest..

chris_miller · Answer

You can use SSL::cipher for name, key size, and version. 
  
 http://devcentral.f5.com/wiki/default.aspx/iRules/SSL__cipher.html

when HTTP_REQUEST {
 HTTP::header insert [SSL::modssl_sessionid_headers] 
 HTTP::header insert CipherName [SSL::cipher name]
 HTTP::header insert CipherVersion [SSL::cipher version]
 HTTP::header insert CipherKeySize [SSL::cipher bits]
}

Forum Discussion

Migrating from CSS to F5

8 Replies

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Requests with 307 responses not logged (missing) in ASM events

Mgmt Interface Shows Up as TMM

[APM] - How to clear the cached certificate for specific url

debug log for ga result on apm

Create cipher group in f5

Related Content

Migrating between sites using stretched VLANs

F5 BIG-IP VE and Application Workloads Migration From VMware to Nutanix

Driving Down Cost & Complexity: App Migration in the Cloud

VMware vSphere to OpenShift Virtualization Migration with F5 BIG-IP

VMware NSX to Red Hat OpenShift Virtualization Migration with F5 Distributed Cloud

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS