F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Frank_30530's avatar
Frank_30530
Icon for Altocumulus rankAltocumulus
Feb 05, 2019

SSL::enable/SSL::disable unexpected behaviour

I have a question about the specific bahaviour of LTM with regard to SSL::enable/SSL::disable. I have a virtual server with two pools: One pool has a member that needs TLS communication; The ot...
application delivery
detach
irule
iRules
LTM
ssl
tls
jaikumar_f5's avatar
jaikumar_f5
Icon for Noctilucent rankNoctilucent
Feb 05, 2019

Just a thought, I see in your 1st irule you are making SSL disable in the clientside of the connection, Http request. Because when you do not sepcify context side, it will apply to the default connection side. So here it's SSL DISABLE for client SSL alone. But your serverssl is still enabled. Thereby when sent to serverside, serverssl still applies.

when HTTP_REQUEST {

  if {  } {
     select the tls-pool: enable server side SSL
    SSL::enable
    pool 
  }
  else {
     select the http-pool: disable server side SSL
    SSL::disable
    pool 
  }

}

If you try the below, it should work too.

when HTTP_REQUEST {

  if {  } {
     select the tls-pool: enable server side SSL
    SSL::enable
    pool 
  }
  else {
     select the http-pool: disable server side SSL
    SSL::disable
     Not really sure if both context sides can be mentioned in one command :very) SSL::disable clientside serverside
    SSL::disable serverside
    pool 
  }

}