Forum Discussion

Nimbostratus

Nov 06, 2009

mitigating the TLS client-initiated renegotiation MITM attack

I thought I'd share the iRule we use to mitigate one of the recently disclosed TLS attacks. Our focus lies on preventing the possible malicious data insertion during 'client-initiated renegotiation'. ...

Nimbostratus

Jun 08, 2010

We didn't pass the PCI DSS scanning with BIG-IP v 9.4.5 and the iRule for this version.

We updated to BIG-IP v 9.4.8 HF3 and the iRule for this version. The behaviour is the same as observed on http://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html

I will let you know if BIG-IP v 9.4.8 HF3 passes the PCI scanning this time.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

mitigating the TLS client-initiated renegotiation MITM attack

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Checking for X-Forwarded-For against an Address Data-Group

SSL Bridging and FQDN rewrite Policy

Cisco TACACS+ Config on ISE LTM Pair

iRule causing requests to be duplicated (sometimes)

How can I get started with iCall

Related Content

SSL renegotiation DOS mitigation

SSL Legacy Renegotiation vs Secure Renegotiation Explained using Wireshark

client-initiated SSO issue

SSL Profiles Part 6: SSL Renegotiation

F5 Distributed Cloud L3-L7 DDoS Mitigation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS