Forum Discussion
SSL Profile Handshake/Failure statistics (such fun, must look, so much question)
Hi!
Fair warning, long post TLDR; = "How to decipher SSL profile statistics"
Looking at the SSL profile handshake statistics and trying to decipher what they mean. It feels a bit like looking at ...
Indeed. 🙂 Got a reply now though. Updating the post, but also leaving the delta here:
Mid-Connection Handshakes
Successful renegotiations show up under the "Certificates/Handshakes" heading under the "Mid-Connection Handshakes" field.
https://support.f5.com/csp/article/K15475 (Insecure Renegotiations Rejected - indicates unpatched clients attempted to renegotiate SSL sessions X times and were rejected by the virtual server) The stats in question are all about the configuration of Secure Renegotiation covered in SOL13512
Secure Handshakes << A patched client
Insecure Handshakes Accepted << An unpatched client. First connection accepted (Profile is Request or Require).
Insecure Handshakes Rejected << An unpatched client. First connection rejected (Profile is Request Strict).
Insecure Renegotiations Rejected << An uppatched client. First renegotiation attempt rejected (Profile is Require).
Also asked about bad and DTLS Tx Pushbacks:
Records
In - Self explaining (my comment, not F5's)
Out - Self explaining (my comment, not F5's)
Bad - Escalated within F5
DTLS Tx Pushbacks - Escalated within F5
