For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Tarmo_Oja_95406's avatar
Tarmo_Oja_95406
Icon for Nimbostratus rankNimbostratus
Mar 29, 2005

session {add|delete} ssl question

I found this code from Code Share.     rule c_cert_session { when RULE_INIT { set ::key [AES::key 128] log local0. "the key is: $::key" } when CLIENTSSL_CLIENTCERT { ...
application delivery
dev
devops
iRules
bl0ndie_127134's avatar
bl0ndie_127134
Historic F5 Account
Mar 29, 2005
Have you considered forcing a SSL re-negotiation after a certain time out has been reached? Here is an example ... 

when CLIENT_ACCEPTED {  
     set http_collect 0  
  }  
    
  when HTTP_REQUEST {  
     if {[HTTP::request_num] > 10} {  
        SSL::renegotiate  
        HTTP::collect  
        set http_collect 1  
     }  
  }  
    
  when CLIENTSSL_HANDSHAKE {  
    if {$http_collect == 1} {  
       set http_collect 0  
       HTTP::release  
    }  
  }

You will at least be able to verify that the client still has the card.