Forum Discussion
SSL Renegotiation Error - HTTPS Health Check?
[02/Jun/2011:14:27:06] failure ( 5885): for host 10.10.10.2 trying to GET /index.html while trying to GET /, Client-Auth reports: HTTP4026: SSL opera
tion failed (SSL_ERROR_RENEGOTIATION_NOT_ALLOWED: SSL renegotiation is not allowed.)
[02/Jun/2011:14:27:10] failure ( 5885): for host 10.10.10.3 trying to GET /, Client-Auth reports: HTTP4026: SSL operation failed (SSL_ERROR_RENEGOTIA
TION_NOT_ALLOWED: SSL renegotiation is not allowed.)
[02/Jun/2011:14:27:10] failure ( 5885): for host 10.10.10.3 trying to GET /index.html while trying to GET /, Client-Auth reports: HTTP4026: SSL opera
tion failed (SSL_ERROR_RENEGOTIATION_NOT_ALLOWED: SSL renegotiation is not allowed.)
- nitass
Employee
pool member requires ssl renegotiation, doesn't it? - Michael_Yates
Nimbostratus
Nice. Thank you! - brad_11440
Nimbostratus
I may be running into this bug myself... I have an HTTPS monitor that is constantly marking the nodes as down/up again every 20 - 60 seconds. I am running a version that is affected by the bug. What logging settings do you need to have configured for Local Traffic Logging to see this error? - nitass
Employee
What logging settings do you need to have configured for Local Traffic Logging to see this error?i think the log Michael showed is from server. - brad_11440
Nimbostratus
i think node should always be marked down if you are hitting that bug. i thought the bug happened after it was marked up due the initial connection, after the node tried to initiate the renegotiation. the "ssl renegotiation is not allowed" message led me to believe it was on the f5, since the VIP had ssl renegotiation disabled to fix the tls vulnerability.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com