For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Amit585731's avatar
Amit585731
Icon for Nimbostratus rankNimbostratus
Sep 10, 2015

Regarding SSL session ID persistence

Hi All,   We are having issue with one of the application which seems to be using SSLv3 and low cipher value. Due to this when the source server tries to connect to VIP the connection disconnects ...
application delivery
deployment
LTM
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Sep 10, 2015

I'd personally focus more on making it work with SSL decryption at the LTM VIP. 11.5 will indeed support SSLv3, but you need to add it manually to your SSL profile cipher string.

 

Otherwise SSL sessionid persistence can only work in very limited scenarios. The problem is that modern browsers, all modern browsers, will at given intervals renegotiate SSL. That renegotiation will change the session ID. The only "clients" I've encountered that don't do this are some Citrix and Java clients. You're only other option, should you choose to tunnel SSL, is client source address affinity.