Angel_Lopez_116
Apr 15, 2014

SSL client certificate authentication frequency and SSL Session ID

Hi,

 

I'm trying to write a very simple iRule to insert the SSL Session ID value in an HTTP request header. I require client authentication in the Virtual Server sslclient profile, and I've noticed that the F5 generates and sends the Session ID value in the ServerHello SSL message only if I configure the frequency for the client authentication to a value of "once"; if I set it to "always" then the Session ID is always empty.

 

I guess that when I set it to "always" the Session ID value is empty because the F5 doesn't want to reuse the session in any case and prefers a full handshake with the client, but I'm not sure of this.

 

Can anyone explain why the SSL Session ID is empty or has a value depending on the client authentication frequency parameter?

 

Thanks!

 

  • Can anyone explain why the SSL Session ID is empty or has a value depending on the client authentication frequency parameter?

    I understand a null session ID is used because bigip requires client authentication for each connection (always).

    The server may return an empty session_id to indicate that the session will not be cached and therefore cannot be resumed.
    

    The TLS Protocol Version 1.0

    https://www.ietf.org/rfc/rfc2246.txt
  • Yes, after reading "7.4.1.3. Server hello" information about SessionID I think that the behaviour of BIG-IP is clear. Thanks.
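
Added example, not part of the original thread: a small Python parser that reads the `session_id` field of a ServerHello laid out as in RFC 2246 section 7.4.1.3 and reports whether the server offered a resumable session. The sample records are constructed (not captures from a BIG-IP), the function names are hypothetical, and the code assumes the ServerHello fits in a single TLS record.

```python
import struct

HANDSHAKE_RECORD = 22   # TLS record content type: handshake
SERVER_HELLO = 2        # handshake msg_type: server_hello

def parse_server_hello(record: bytes) -> dict:
    """Parse a TLS record that starts with a ServerHello (RFC 2246, 7.4.1.3)."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE_RECORD:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4:
        raise ValueError("truncated record body")
    if body[0] != SERVER_HELLO:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # Minimum: version(2) + random(32) + sid length(1) + cipher(2) + compression(1)
    if len(hello) != hs_len or hs_len < 38:
        raise ValueError("truncated ServerHello")
    sid_len = hello[34]
    if sid_len > 32 or 35 + sid_len + 3 > len(hello):
        raise ValueError("bad session_id length")
    session_id = hello[35:35 + sid_len]
    cipher, = struct.unpack("!H", hello[35 + sid_len:37 + sid_len])
    return {
        "version": (hello[0], hello[1]),
        "session_id": session_id.hex(),
        "cipher_suite": cipher,
        # Empty session_id: the session is not cached and cannot be resumed.
        "resumable": sid_len > 0,
    }

def build_sample(session_id: bytes) -> bytes:
    """Constructed TLS 1.0 ServerHello record (sample data, not a capture)."""
    hello = (b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
             + b"\x00\x2f" + b"\x00")
    hs = bytes([SERVER_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", HANDSHAKE_RECORD, 0x0301, len(hs)) + hs

if __name__ == "__main__":
    # Labels mirror the two behaviours reported in the thread, as an assumption.
    for label, sid in (("once", bytes(range(32))), ("always", b"")):
        print(label, parse_server_hello(build_sample(sid)))
```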