Forum Discussion

Nimbostratus

Oct 05, 2012

SSL change in version 11.2.1?

Last night I replaced a version 9.4.8 2400 with an HA pair of 3600s, ASM is licensed but not in use yet on the 3600s. I found this morning that a couple of the sites that I terminate SSL on the BIGi...

config

design

Kevin_Stewart

Employee

Oct 05, 2012

Ahh, that's because 11.2 now supports, and defaults to strict secure renegotiation in the server SSL profile. It's likely that your servers don't support secure renegotiation.

From the BIG-IP shell, run the following:

openssl s_client -connect :443

The response will either contain "Secure Renegotiation IS supported", "Secure Renegotiation IS NOT supported", or nothing. If it appears that secure renegotiation is NOT supported, you can set the Secure Renegotiation setting in the server SSL profile to Request and give that a shot.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSL change in version 11.2.1?

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

In F5 APM, how to include multiple DNS suffix?

Issue while migrating config from 4000s to r4600

Username is not filled in EdgeClient in the Modern customization

Cert Bundle Manager

Question regarding F5 Viprion Configuration Migration to VE.

Related Content

Installing and Locking a Specific Version of F5 NGINX Plus

HTTPS Monitor fails after changing TLS Version

New iOS F5 Access version (3.1.0) issues

Set HTTP version

How to change TLS version 1.0 settings to version 1.2 or 1.3 in F5 DDoS product

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS