Brian_Ledbetter
Nov 20, 2007

New question: SSL::sessionid always returns zero?!

Has anyone else seen a condition in which [SSL::sessionid] is always zero? Here's what my log looks like - I think this is leading to a serious conflict in our F5's SSL cache:

Nov 20 15:34:32 tmm tmm[920]: 01220002:6: Rule SSL_Mapping_Rule : 0000000000000000000000000000000000000000000000000000000000000000
Nov 20 15:34:32 tmm tmm[920]: 01220002:6: Rule SSL_Mapping_Rule : 0000000000000000000000000000000000000000000000000000000000000000

No matter which event I call it from, this is all I see. Help!

Regards,
Brian

(Update: Not in _the_ F5's cache, just in ours. Seriously, has anyone seen this before?)

3 Replies

  • Colin_Walker_12
    Historic F5 Account
    That's pretty odd indeed. I've never seen the sessionID drop to straight zeros. What does your iRule look like? Have you tried doing a manual inspection via an SSLdump to see what info's actually coming through?

    Colin
  • hoolio
    Quite a bit late, but... SSL::sessionid returns a string of 64 zeros if the session ID doesn't exist in the cache:

    http://devcentral.f5.com/wiki/default.aspx/iRules/ssl__sessionid

    Returns the current connection's SSL session ID if it exists in the session cache. If it does not exist in the cache, returns a string of 64 zeroes.

    Aaron
  • hoolio
    It looks like the null session ID will occur on every attempt to retrieve SSL::sessionid if you set the client SSL profile to validate the client certificate always (instead of once). This kind of makes sense if you want to check the client cert on every request (and therefore don't ever want to add the session ID to the cache).

    Aaron
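
An added example, not part of any post in this thread and not F5's code: an iRule that treats the 64-zero value described in the replies as "no cached session" instead of using it as a lookup key. The subtable name `ssl_map`, the stored value and the 300-second timeout are hypothetical, and the `table` command is assumed to be available (BIG-IP v10.1 or later).

```tcl
# Added example: hypothetical mapping rule that ignores the all-zero sentinel.
when CLIENTSSL_HANDSHAKE {
    # Per the SSL::sessionid description quoted above, 64 zeroes means the
    # session ID is not in the session cache; it identifies no session.
    set sid [SSL::sessionid]
    set no_session [string repeat 0 64]

    if { $sid eq $no_session } {
        # Every uncached connection returns this same value, so using it as a
        # key would merge unrelated clients into one entry.
        log local0. "No cached SSL session for [IP::client_addr]; mapping skipped"
        return
    }

    # Hypothetical subtable "ssl_map": session ID -> first client address seen.
    set owner [table lookup -subtable ssl_map $sid]
    if { $owner eq "" } {
        table set -subtable ssl_map $sid [IP::client_addr] 300
    } elseif { $owner ne [IP::client_addr] } {
        # Same session ID presented from a different address: log for review.
        log local0. "SSL session $sid first seen from $owner, now [IP::client_addr]"
    }
}
```

Going by the last reply, a client SSL profile set to validate the client certificate always would take the first branch on every connection, so a rule keyed on the session ID would never store a mapping under that setting.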