Migrating from CSS to F5

Question

Hello All- We are in the process of migrating from CSS to F5. We termiate ssl on CSS and have the following addition config to insert ssl session info in the http header back to the web server. CSS to web server is http in this case and ssl terminates on the css&nbsp;
&nbsp;ssl-server 20 http-header session &lt;---insert ssl session info (not sure what info exactly, can't find more info on cisco site)
&nbsp;and
&nbsp;ssl-server 20 http-header insert-per-request 
&nbsp;i can't figure out how this translates to f5. i tried this irule and it didn't work, so it's probably more than just the session id that it's looking for. &nbsp;
&nbsp;when HTTP_REQUEST {
&nbsp; HTTP::header insert [SSL::modssl_sessionid_headers] 
&nbsp;} &nbsp;
&nbsp;does anyone has any idea how to do this?&nbsp;
&nbsp;Thanks
&nbsp;Andy

chris_miller · Answer

Exactly what SSL info are you trying to insert? 
&nbsp;  
&nbsp; Based on this cisco doc: 
&nbsp;  
&nbsp; http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.40/configuration/ssl/guide/terminat.htmlwpmkr1031927 
&nbsp;  
&nbsp; Looks like you're currently inserting "cipher name, cipher key size, cipher use size, session protocol version, sessionid, and session verify result?"

ac32f5_4938 · Answer

whatever is currently being inserted, i need to insert the exact same info..

chris_miller · Answer

Just to make sure, you're terminating SSL (using a client SSL profile) on your F5 Virtual Server, right? The iRule you tried definitely seems to be on the right track.

ac32f5_4938 · Answer

yes we are terminating on F5. this iRule only inserts session_id..i have to figure out how to insert the rest..

chris_miller · Answer

You can use SSL::cipher for name, key size, and version. 
  
 http://devcentral.f5.com/wiki/default.aspx/iRules/SSL__cipher.html

when HTTP_REQUEST {
 HTTP::header insert [SSL::modssl_sessionid_headers] 
 HTTP::header insert CipherName [SSL::cipher name]
 HTTP::header insert CipherVersion [SSL::cipher version]
 HTTP::header insert CipherKeySize [SSL::cipher bits]
}

Forum Discussion

Migrating from CSS to F5

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Migrating between sites using stretched VLANs

VMware to Red Hat OpenShift Virtualization Migration

Getting Started with BIG-IP Next: Migrating an Application Workload

Seamless Application Migration to OpenShift Virtualization with F5 Distributed Cloud

F5 Distributed Cloud Customer Edge Migration Centos to RHEL

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS