SSL Server Profile - Always Send Null Session ID in Client Hello

Question

I have a VirtualServer accepting TCP connections, with a server-side TLS connection to a media pool member.  I'd like the F5 to send TLS Client Hello with a Null Session ID every time it tries to open a new server-side connection.  Instead, it often offers an old SSL session id and my server sometimes simply sends TCP FIN if it doesn't recognize the SSL Session ID from the Client Hello.&nbsp;
If this were a Client SSL Profile, I could use the option "No session resumption on renegotiation".  I can't find a similar option for the SSL Server Profile.&nbsp;
Any ideas?&nbsp;

leonardo_souza · Answer

Have a look at the options Unclean Shutdown and Strict Resume.
I think this is the cause of the behaviour you have.&nbsp;
https://support.f5.com/csp/article/K14806&nbsp;

john_beckmann · Answer

Just set the SSL Session "Cache Size" to 0 and it will always set the Session ID to 0, as the cache is disabled. Or reduce the Cache Timeout. Default is 3600 seconds, so just make it lower than the timeout on the backend server.

Forum Discussion

SSL Server Profile - Always Send Null Session ID in Client Hello

Recent Discussions

Default retry time inband monitor

how to monitor the axfr master response

Http / https health monitor issue

I used the wrong email account when take Application Delivery Exam (101)

F5 looses the token for the first call

Related Content

Capture Virtual Server Clientssl Profile & Ciphers Mapping - Bash

LTM Diameter iRules and Profile Configurations with Support for Server Initiated Request

Server Side Profile not show the certificate

Understanding the Authenticate Name Option on Server SSL profile on BIG-IP

5 Technical Sessions That Should Be Great: F5 AppWorld 2025

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS