For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ask_me_anytime_'s avatar
ask_me_anytime_
Icon for Nimbostratus rankNimbostratus
Apr 15, 2010

ServerSSL - SERVERSSL_HANDSHAKE not triggered on certificate check failiure ??

Hello,   during serverSSL handshake, i'm trying to log messages when pool member server ssl certificate is invalid (expired certificate ) and BIGIP rejects it.   In the serverssl profile, i set...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Apr 15, 2010
Hi,

 

 

SERVERSSL_HANDSHAKE is triggered when an SSL handshake is completed. If the server SSL profile is set to require a cert but it's not validated, I don't think the event will be triggered as the handshake hasn't completed. If you change the server SSL profile to not require a cert, do you see the event triggered? If so, you could try validating the server cert in the iRule and reject the connection for invalid certs.

 

 

Aaron