Forum Discussion

Nimbostratus

Apr 07, 2008

SSL VS keep TCP open if pool down

Hello, At this time, when a pool behind a vs ssl is down, the vs ssl is down. But it is still possible to negociate ssl. Is it possible to reject ssl negociation (by closing the po...

config

design

hoolio

Cirrostratus

Apr 07, 2008

Sure. Here is a more generic version of the Codeshare example:

http://devcentral.f5.com/wiki/default.aspx/iRules/HowToAvoidSSLHandshakeWhenNoPoolMemberAvailable.html


 This event is triggered when a TCP connection is established with the client
when CLIENT_ACCEPTED {
    Check if the default pool of the VIP has no active members
   if {[active_members [LB::server pool]] < 1}{
       Disable the client SSL profile and send a TCP reset to the client
      SSL::disable
      reject
   }
}

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSL VS keep TCP open if pool down

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Phishing, Malware, Breach and Open-Source Security

AppWorld 2024 Call For Speakers open

DevCentral Connects Recap: Open Finance, APIs, AI & Security

LTM issue Openning new web browser tab

BIG-IP APM integration with Open Policy Agent (OPA)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS