Forum Discussion

Nimbostratus

Mar 29, 2005

session {add|delete} ssl question

I found this code from Code Share. rule c_cert_session { when RULE_INIT { set ::key [AES::key 128] log local0. "the key is: $::key" } when CLIENTSSL_CLIENTCERT { ...

Historic F5 Account

Mar 29, 2005

Have you considered forcing a SSL re-negotiation after a certain time out has been reached? Here is an example ...

when CLIENT_ACCEPTED {  
     set http_collect 0  
  }  
    
  when HTTP_REQUEST {  
     if {[HTTP::request_num] > 10} {  
        SSL::renegotiate  
        HTTP::collect  
        set http_collect 1  
     }  
  }  
    
  when CLIENTSSL_HANDSHAKE {  
    if {$http_collect == 1} {  
       set http_collect 0  
       HTTP::release  
    }  
  }

You will at least be able to verify that the client still has the card.

Forum Discussion

session {add|delete} ssl question

Recent Discussions

Uri-based client cert authentication question

Wildcard SSL Certificate Deployment on F5 LTM

help irules for compatibilty

Grant access to users from F5 APM based on okta user group

iRule condition - request contains more than 10000 parameters

Related Content

Health monitor question

F5 Connection Mirroring question

Novice Question - irules

Ending an APM session when browser tab is closed

Overlapped Networks Question