Forum Discussion

Nimbostratus

Feb 22, 2018

Modify SSL Sign Hash in SSL client profile or change SSL client profile before renegociate.

Hi I have a VS with a SSL Client Profile. This SSL client profile is configured with a SSL Sign Hash value at "SHA1" and client authentication. If the SSL negotiation results in no certific...

Employee

Feb 22, 2018

I think you should be able to use SSL::profile out of the client_accepted event. I assume you check for the certificate in clientssl_clientcert, if there is no client cert then change the SSL::profile there, flags it with a variable and on the HTTP_REQUEST event use the SSL::renegotiate. That should force the renegotiation using the second SSL profile.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Modify SSL Sign Hash in SSL client profile or change SSL client profile before renegociate.

Tyler - May 2026 Featured Member

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

F5 Send email and snmp trap from LTM log event

shame on f5

Dynamic import of data groups

ASM allow specific url from outside country of geolocation ON

AWAF Detection Inconsistency Between Similar Test Payloads

Related Content

Explore TCP and TLS Profiles for Optimal S3 with MinIO Clusters

F5 BIG-IP Advanced WAF – DOS profile configuration options.

iControl REST Cookbook - Virtual Server Profile (LTM Virtual Profiles)

F5 BIG-IP Advanced WAF – "dos profile" reporting

SSL Profiles Part 8: Client Authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS