nitass
Mar 09, 2013Employee
I do not get the "Self-initiated renegotiation attempted while renegotiation disabled" log message in my lab. Is there anything I missed?
These are my settings.
root@(ve1121)(cfg-sync Standalone)(Active)(/Common)(tmos) show sys version
Sys::Version
Main Package
Product BIG-IP
Version 11.2.1
Build 807.0
Edition Hotfix HF1
Date Tue Oct 2 10:46:52 PDT 2012
Hotfix List
ID395272 ID397435 ID397882 ID397981
root@(ve1121)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
destination 172.28.20.119:443
http-class {
myhttpclass
}
ip-protocol tcp
mask 255.255.255.255
pool foo
profiles {
http { }
myclientssl {
context clientside
}
serverssl {
context serverside
}
tcp { }
}
rules {
insert_ssl_session_id
}
snat automap
vlans-disabled
}
root@(ve1121)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm profile httpclass myhttpclass
ltm profile httpclass myhttpclass {
app-service none
asm enabled
defaults-from httpclass
}
root@(ve1121)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
members {
200.200.200.101:443 {
address 200.200.200.101
}
}
}
ltm profile client-ssl myclientssl {
app-service none
options { no-session-resumption-on-renegotiation }
renegotiate-max-record-delay 100
renegotiate-period indefinite
renegotiate-size indefinite
renegotiation enabled
secure-renegotiation request
}
root@(ve1121)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm rule insert_ssl_session_id
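ltm rule insert_ssl_session_id {
    # Requests a client certificate by mid-connection renegotiation, caches
    # selected certificate fields in the session table keyed by the SSL
    # session id, and passes them to the pool member as HTTP request headers.
    #
    # NOTE(review): SSL::renegotiate presumably depends on the client-ssl
    # profile allowing renegotiation; confirm against the profile attached to
    # the virtual server.

    when CLIENT_ACCEPTED {
        # Separator line so each new TCP connection is easy to spot in the log.
        log local0. "--"
    }

    when CLIENTSSL_HANDSHAKE {
        log local0. "SSL session Id [SSL::sessionid]"
    }

    when CLIENTSSL_CLIENTCERT {
        log local0. "SSL session Id [SSL::sessionid]"

        # The certificate is only requested, not required, so the client may
        # answer without one. Skip the lookup in that case instead of calling
        # SSL::cert 0 on an empty chain.
        if { [SSL::cert count] < 1 } {
            return
        }

        set cert    [SSL::cert 0]
        set sn      [X509::serial_number $cert]
        set subject [X509::subject $cert]
        set issuer  [X509::issuer $cert]
        set version [X509::version $cert]

        # Cache serial, issuer, subject and version under the SSL session id
        # with a timeout of 1800.
        session add uie [SSL::sessionid] [list $sn $issuer $subject $version] 1800
    }

    when HTTP_REQUEST {
        log local0. ""
        log local0. "URI [HTTP::uri]"

        # Drop any copies of the identity headers sent by the client. Without
        # this, a request that carries its own XClientSSL_* values reaches the
        # pool member looking as if the BIG-IP had verified a certificate.
        foreach hdr { XClientSSL_Serial XClientSSL_Issuer XClientSSL_Subject XVersion } {
            HTTP::header remove $hdr
        }

        if { [SSL::cert count] < 1 } {
            # No client certificate on this connection yet: ask for one.
            # NOTE(review): the request that triggers the renegotiation is not
            # held here, so it appears to be forwarded without the identity
            # headers; confirm whether the pool member must reject it.
            SSL::authenticate once
            SSL::authenticate depth 9
            SSL::cert mode request
            SSL::renegotiate
            log local0. "SSL::renegotiate"
        } else {
            set values [session lookup uie [SSL::sessionid] ]

            # An empty first element means nothing was cached for this session
            # id, so no headers are added.
            if { [lindex $values 0] ne "" } {
                # NOTE(review): issuer and subject DNs are written to the log;
                # consider dropping these lines outside a lab.
                HTTP::header insert XClientSSL_Serial [lindex $values 0]
                log local0. "Inserting Serial [lindex $values 0]"
                HTTP::header insert XClientSSL_Issuer [lindex $values 1]
                log local0. "Inserting Issuer [lindex $values 1]"
                HTTP::header insert XClientSSL_Subject [lindex $values 2]
                log local0. "Inserting Subject [lindex $values 2]"
                HTTP::header insert XVersion [lindex $values 3]
                log local0. "Inserting Version [lindex $values 3]"
            }
        }
    }
}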
/var/log/ltm
[root@ve1121:Active:Standalone] config tail -f /var/log/ltm
Mar 9 16:07:34 tmm info tmm[13182]: Rule /Common/insert_ssl_session_id : --
Mar 9 16:07:34 tmm info tmm[13182]: Rule /Common/insert_ssl_session_id : SSL session Id 7127aea7e11d64b7b9c9e90e8b51ea846bd8eecda30b2eabf91a5de694dc878c
Mar 9 16:07:38 tmm info tmm[13182]: Rule /Common/insert_ssl_session_id : --
Mar 9 16:07:38 tmm info tmm[13182]: Rule /Common/insert_ssl_session_id : SSL session Id 7127aea7e11d64b8b9c9e90e8b51ea846bd8eecda30b2eaaf91a5de694dc8780
Mar 9 16:07:40 tmm info tmm[13182]: Rule /Common/insert_ssl_session_id : --
Mar 9 16:07:40 tmm info tmm[13182]: Rule /Common/insert_ssl_session_id : SSL session Id 7127aea7e11d64b9b9c9e90e8b51ea846bd8eecda30b2ea9f91a5de694dc8786
Mar 9 16:07:40 tmm info tmm[13182]: Rule /Common/insert_ssl_session_id :
Mar 9 16:07:40 tmm info tmm[13182]: Rule /Common/insert_ssl_session_id : URI /
Mar 9 16:07:40 tmm info tmm[13182]: Rule /Common/insert_ssl_session_id : SSL::renegotiate
Mar 9 16:07:46 tmm info tmm[13182]: Rule /Common/insert_ssl_session_id : SSL session Id 7127aea7e11d64bab9c9e90e8b51ea846bd8eecda30b2ea8f91a5de694dc8786
Mar 9 16:07:46 tmm info tmm[13182]: Rule /Common/insert_ssl_session_id : SSL session Id 7127aea7e11d64bab9c9e90e8b51ea846bd8eecda30b2ea8f91a5de694dc8786
Mar 9 16:07:46 tmm info tmm[13182]: Rule /Common/insert_ssl_session_id :
Mar 9 16:07:46 tmm info tmm[13182]: Rule /Common/insert_ssl_session_id : URI /f5.gif
Mar 9 16:07:46 tmm info tmm[13182]: Rule /Common/insert_ssl_session_id : Inserting Serial 01
Mar 9 16:07:46 tmm info tmm[13182]: Rule /Common/insert_ssl_session_id : Inserting Issuer CN=caroot.acme.com,OU=IT,O=Acme Ltd,L=Seattle,ST=WA,C=US
Mar 9 16:07:46 tmm info tmm[13182]: Rule /Common/insert_ssl_session_id : Inserting Subject CN=client1.acme.com,OU=IT,O=Acme Ltd,L=Seattle,ST=WA,C=US
Mar 9 16:07:46 tmm info tmm[13182]: Rule /Common/insert_ssl_session_id : Inserting Version 3