Forum Discussion

Nimbostratus

Mar 11, 2013

ProxyPassSSLProfiles Internal Data Group Issue

I am having a problem with v10.9 of ProxyPass. I've setup the internal string data group ProxyPassSSLProfiles with one name-value pair. It appears that the findclass statement below that att...

Nimbostratus

Mar 12, 2013

I was able to get ProxyPass v10.9 to function properly on TMOS v11 with only the change mentioned in my above posting - using class match instead of findclass.

I also discovered that in v11.2 where it now supports and defaults to strict secure renegotiation in the server side SSL profile. My lab test was failing with the following message in the log file.

warning tmm1[7283]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborted: ...

Setting the "Secure Renegotiation" setting in the server SSL profile to "Request" fixed this issue for me. I mention this ssl profile setting because obviously it is related to the ProxyPass iRule in the context above (i.e. ProxyPassSSLProfiles, etc.) and it is a change from v10.

Cheers

-Deon

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)