SSL VS keep TCP open if pool down

Question

Hello,&nbsp;
&nbsp;At this time, when a pool behind a vs ssl is down, the vs ssl is down. But it is still possible to negociate ssl.&nbsp;
&nbsp;Is it possible to reject ssl negociation (by closing the port) when the pool is down ?&nbsp;
&nbsp;Thanks for your reply,&nbsp;
&nbsp;Regards,&nbsp;
&nbsp;Flo,&nbsp;&nbsp;

hoolio · Answer

Sure.  Here is a more generic version of the Codeshare example:
http://devcentral.f5.com/wiki/default.aspx/iRules/HowToAvoidSSLHandshakeWhenNoPoolMemberAvailable.html
 This event is triggered when a TCP connection is established with the client
when CLIENT_ACCEPTED {
    Check if the default pool of the VIP has no active members
   if {[active_members [LB::server pool]] &lt; 1}{
       Disable the client SSL profile and send a TCP reset to the client
      SSL::disable
      reject
   }
}
Aaron

Forum Discussion

SSL VS keep TCP open if pool down

1 Reply

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Phishing, Malware, Breach and Open-Source Security

AppWorld 2024 Call For Speakers open

DevCentral Connects Recap: Open Finance, APIs, AI & Security

LTM issue Openning new web browser tab

BIG-IP APM integration with Open Policy Agent (OPA)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS