Forum Discussion
Nimbostratus'SSL::disable serverside' not working
I'm working on an iRule that uses a switch statement to send traffic to various pools. The virtual server is configured with clientssl and serverssl. I'm trying to use 'SSL::disable serverside' in one block of the switch statement, however the BIG-IP is still trying to perform a serverside SSL handshake to the port 80 pool member, which obviously fails.
The virtual server is configured with OneConnect, AVR, ASM, and a rewrite profile, in addition to the standard clientssl, serverssl, and HTTP profiles. Using 'LB::detach', 'AVR::disable', and 'ASM::disable' (all together or individually) doesn't make any difference.
Does anyone know why the BIG-IP is still trying a serverside SSL handshake, even though 'SSL::disable serverside' is being used? I'm truly stumped on this one...
TIA!
5 Replies
Brad_ParkerCirrus
Are you using SSL::disable in the SERVER_CONNECTED event?
Michael_JenkinsCirrostratus
Are you sure that the ssl::disable is being executed? Seems like a strange issue. Do you have logging in your iRule to verify everything's happening as you expect?
- Brad_ParkerCan you post your iRule?
- Richard_Jones
@Michael - Yes, I'm sure the command was being executed, as I have logging below the command that was working. I agree, this was a very strange issue that I haven't experienced before.
@Brad - Using SERVER_CONNECTED instead of HTTP_REQUEST is the solution I found as well.
Thanks for your replies, but I was able to figure out a solution.
Instead of calling 'SSL::disable serverside' in HTTP_REQUEST, I'm now setting a variable to 1, then checking that variable in SERVER_CONNECTED. If the variable is 1, then disable serverside SSL.
I don't know why it wasn't working in HTTP_REQUEST (as I've done that for years), but this solution seems to work for me.
Thanks again!
Robert_47833Altostratus
I met similar issue before. and use sever side ssl disable in SERVER_CONNECTED event instead of HTTP_REQUEST solved the problem not sure the exact why....
