For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Stephen_Robin_8's avatar
Stephen_Robin_8
Icon for Nimbostratus rankNimbostratus
Jan 25, 2011

Selecting pool using custom protocol over SSL

Our application uses a custom protocol (NOT HTTP) between clients and servers. We're investigating using a BIG-IP device to: (1) Encrypt the traffic between the client and the BIG-IP using SSL. ...
application delivery
dev
devops
iRules
spark_86682's avatar
spark_86682
Historic F5 Account
Jan 25, 2011
This really sounds like ID 224958, which is fixed in 10.2.0 HF2. Basically, SSL::collect is (erroneously) not holding up the connection, so a server pick is attempted before CLIENTSSL_DATA ever fires, and since there's no pool (since you're trying to specify one in CLIENTSSL_DATA), the connection fails. Also, as you've found, you can't just specify a pool earlier, because the server connection will already be established (or be in the process of getting established) by the time CLIENTSSL_DATA fires. You *might* be able to do something like specify a default pool, and then when CLIENTSSL_DATA fires do an LB::detach and then specify a new pool, but I'd do a lot of testing before putting that sort of a solution into production. Your best bet is to just upgrade. Hope this helps!