Forum Discussion

DavidWong_10382's avatar
DavidWong_10382
Icon for Nimbostratus rankNimbostratus
May 17, 2011

SSL cache does not work

Basically, two SSL virtual servers , SSL cache works on one VS, does not work another VS, SSL profile config is below. the only difference between two SSL profiles is just the cache size. the cache does not work on the profile with default setting. I wonder if anyone had this experience before.

 

Thanks.

 

 

below is the SSL client profile which cache does not work, I did ssldunp, the sessionid in serverhello message is zero, but i do not know why F5 sends zero sessionID.

 

 

defaults from clientssl

 

mode enable

 

key "i1key"

 

cert "1.crt"

 

chain "2crt"

 

ca file "3.crt"

 

crl file none

 

client cert ca none

 

ciphers "ALL:!ADH:!LOW:!EXP:!SSLv2:!NULL:!MEDIUM:!RC4:HIGH:RSA"

 

passphrase none

 

options none

 

modssl methods disable

 

cache size 20000

 

cache timeout 3600

 

renegotiate period indefinite

 

renegotiate size indefinite

 

renegotiate max record delay 10

 

handshake timeout 60

 

alert timeout 60

 

peer cert mode require

 

authenticate once

 

authenticate depth 9

 

unclean shutdown enable

 

strict resume disable

 

nonssl disable.

 

}

 

config
design
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    May 18, 2011
    Hi David,

     

     

    The cache size being set to zero or renegotiate setting set for always are the only obvious reasons I could think of for this. I'd open a case with F5 Support on this to get help troubleshooting the issue.

     

     

    Aaron