For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

richardgamboac1's avatar
richardgamboac1
Icon for Nimbostratus rankNimbostratus
Oct 10, 2019

serverssl and serverssl-insecure-compatible

I just want go deep about these two ssl servers profile, what are the difference?, when to use each one?.
richardgamboac1's avatar
richardgamboac1
Icon for Nimbostratus rankNimbostratus
Oct 11, 2019

Hi eaa,

Thank you for your response. I have two questions, please.

 

  1. What unpatched clients means? And this field (secure-renegotiation) works for ssl client profiles too?.
  2. If the back-ends servers have an insecure certificate created by itself (iis servers), do F5 needs the back-end servers certificate on server ssl profile or just need the server so-insecure-compatible profile?
  3. thank you!
boneyard's avatar
boneyard
Icon for MVP rankMVP
Oct 13, 2019

unpatched means server that don't support secure renegotiation yet. and yes a similar option is available in the client side SSL profile.

 

with most default server SSL profile the certificate is not checked at all, so that will work by default. the secure renegotiation is not related to the certificate, it is related to renegotiation a session later on.