spalande
Aug 22, 2013

SSL cachetimeout

In the clientssl profile there is a cache timeout option, which means that for an SSL session the same parameters (SSL key, ciphers) will be used within that timeout limit.

 

How can I check whether the same SSL key is being used within the cache timeout period between the client and the F5? Is there an iRule to check it?

 

3 Replies

  • You can print the SSL::sessionid* from an iRule; that should tell you. Do remember the session ID is per TCP session, so a new TCP session gets a new session ID.

     

    But why exactly the question? Do you believe it isn't working?

     

    *) https://devcentral.f5.com/wiki/irules.ssl__sessionid.ashx

     

  • I don't doubt its functionality; I just wanted to test it, as I got a requirement to tweak those values. Thanks for your inputs!

     

  • I'm able to test this. I have printed the SSL session ID in the CLIENTSSL_HANDSHAKE event; hope this is correct!

     

    tail -f /var/log/ltm | grep test_ssl
    Aug 23 04:39:21 bigipF5 info tmm[6211]: Rule /Common/test_ssl : Accepted client conn 192.168.3.104:3567
    Aug 23 04:39:31 bigipF5 info tmm[6211]: Rule /Common/test_ssl : Accepted client conn 192.168.3.104:3567
    Aug 23 04:40:46 bigipF5 info tmm[6211]: Rule /Common/test_ssl : session id is 83979848d89d7a7b49b4bdee5959ba843ea765f3daef220c78c83956495e7647
    Aug 23 04:40:46 bigipF5 info tmm[6211]: Rule /Common/test_ssl : Accepted client conn 192.168.3.104:3598
    Aug 23 04:41:12 bigipF5 info tmm[6211]: Rule /Common/test_ssl : session id is 83979848d89d7a7b49b4bdee5959ba843ea765f3daef220c78c83956495e7647
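
An added example, not part of the thread: a small Python script that reads the "session id is ..." lines shown in the log above and reports, per session ID, how many times it was seen and whether every sighting falls inside the cache timeout. The function names, the 3600-second timeout, the year 2013, and measuring the timeout from the first sighting are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines quoted in the thread (output of the poster's test_ssl iRule).
SAMPLE = """\
Aug 23 04:39:21 bigipF5 info tmm[6211]: Rule /Common/test_ssl : Accepted client conn 192.168.3.104:3567
Aug 23 04:40:46 bigipF5 info tmm[6211]: Rule /Common/test_ssl : session id is 83979848d89d7a7b49b4bdee5959ba843ea765f3daef220c78c83956495e7647
Aug 23 04:40:46 bigipF5 info tmm[6211]: Rule /Common/test_ssl : Accepted client conn 192.168.3.104:3598
Aug 23 04:41:12 bigipF5 info tmm[6211]: Rule /Common/test_ssl : session id is 83979848d89d7a7b49b4bdee5959ba843ea765f3daef220c78c83956495e7647
""".splitlines()

# Syslog timestamp at the start, hex session ID at the end of the line.
SESSION_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) .*session id is (?P<sid>[0-9a-fA-F]+)\s*$"
)

def session_sightings(lines, year=2013):
    """Map each logged session ID to the sorted times it was seen.
    Syslog omits the year, so one is supplied (assumed value)."""
    seen = defaultdict(list)
    for line in lines:
        m = SESSION_RE.match(line.strip())
        if not m:
            continue  # "Accepted client conn" and unrelated lines
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen[m["sid"].lower()].append(when)
    return {sid: sorted(times) for sid, times in seen.items()}

def reuse_report(lines, cache_timeout=3600, year=2013):
    """Per session ID: sightings, seconds between first and last sighting,
    and whether that span fits in cache_timeout. 3600 is an assumed value;
    pass the cache timeout configured on the clientssl profile."""
    report = {}
    for sid, times in session_sightings(lines, year).items():
        span = int((times[-1] - times[0]).total_seconds())
        report[sid] = {
            "count": len(times),            # 1 means no reuse was logged
            "span_seconds": span,
            "within_timeout": span <= cache_timeout,
        }
    return report

if __name__ == "__main__":
    for sid, info in reuse_report(SAMPLE).items():
        print(sid[:16], info)
```

A count above 1 means the same session ID was logged on more than one handshake; `within_timeout` turning false means an ID was still being logged after the timeout passed to the script.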