For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jeff_Mattson_44's avatar
Jeff_Mattson_44
Icon for Nimbostratus rankNimbostratus
Jan 24, 2007

SSL termination -- race condition?

Hi,   I'm using Big-IP v9.1.2.     I have a virtual with a basic client ssl profile but without a default pool.     I'm setting the destination in an irule using a node statement in t...
application delivery
dev
devops
iRules
Jeff_Mattson_44's avatar
Jeff_Mattson_44
Icon for Nimbostratus rankNimbostratus
Feb 05, 2007
Thanks, Colin. Sorry for the delay on this.

The problem is pretty simple to reproduce. I just have a virtual server listening on 443 with a default ssl profile...no http profile and no default pool. I attach the following irule to the virtual server.


when CLIENTSSL_HANDSHAKE {  
  log "in CLIENTSSL_HANDSHAKE"
  use node 192.168.100.7 80
}

It does seem strange. I haven't tried it yet on an updated version. Again, I ultimately need to use info in the first data packet after the handshake to select a destination server. Currently I'm using the "middle-man virtual server" technique described by unRuleY in this forum. Of course, that is a hard sell to other network admins...sounds a bit ad hoc for an F5.

Thank you,

Jeff