For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

johtte_168100's avatar
johtte_168100
Icon for Nimbostratus rankNimbostratus
Nov 10, 2015

My client ssl profile:

 

  • admin@(f5lab01-asm)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm profile client-ssl home.com ltm profile client-ssl home.com {

     

    alert-timeout 10

     

    allow-non-ssl disabled

     

    app-service none

     

    cache-size 262144

     

    cache-timeout 3600

     

    cert home.com.crt

     

    cert-key-chain {

     

    home {

     

    cert home.com.crt

     

    key home.com.key

     

    }

     

    }

     

    chain none

     

    ciphers DEFAULT

     

    defaults-from clientssl

     

    generic-alert enabled

     

    handshake-timeout 10

     

    inherit-certkeychain false

     

    key home.com.key

     

    max-renegotiations-per-minute 5

     

    mod-ssl-methods disabled

     

    mode enabled

     

    options { dont-insert-empty-fragments }

     

    passphrase none

     

    peer-no-renegotiate-timeout 10

     

    proxy-ssl disabled

     

    proxy-ssl-passthrough disabled

     

    renegotiate-max-record-delay indefinite

     

    renegotiate-period indefinite

     

    renegotiate-size indefinite

     

    renegotiation enabled

     

    secure-renegotiation require

     

    server-name none

     

    session-mirroring disabled

     

    session-ticket disabled

     

    sni-default false

     

    sni-require false

     

    ssl-sign-hash any

     

    strict-resume disabled

     

    unclean-shutdown enabled

     

    }
  • Brad_Parker's avatar
    Brad_Parker
    Icon for Cirrus rankCirrus
    Nov 10, 2015
    What about your server SSL profile. I think that's where your issue lies.