Forum Discussion

Nimbostratus

Feb 22, 2018

Modify SSL Sign Hash in SSL client profile or change SSL client profile before renegociate.

Hi I have a VS with a SSL Client Profile. This SSL client profile is configured with a SSL Sign Hash value at "SHA1" and client authentication. If the SSL negotiation results in no certific...

Employee

Feb 23, 2018

I think you should be able to use SSL::profile out of the client_accepted event. I assume you check for the certificate in clientssl_clientcert, if there is no client cert then change the SSL::profile there, flags it with a variable and on the HTTP_REQUEST event use the SSL::renegotiate. That should force the renegotiation using the second SSL profile.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Modify SSL Sign Hash in SSL client profile or change SSL client profile before renegociate.

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Does F5 rSeries 4600 support 3rd Party SFP

no upload file .docx

F5 LACP

F5 BGP Peering in Active /Standby Cluster

AS3 Storage

Related Content

F5 BIG-IP Advanced WAF – "dos profile" reporting

F5 BIG-IP Advanced WAF – DOS profile configuration options.

iControl REST Cookbook - Virtual Server Profile (LTM Virtual Profiles)

SSL Profiles Part 8: Client Authentication

enable WebSocket profile.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS