For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ringoseagull_77's avatar
ringoseagull_77
Icon for Nimbostratus rankNimbostratus
Aug 17, 2010

TLS Renegotiation Extension warning after upgrade to 10.1

Since upgrading a pair of 1600s from 9.4.7 to 10.1 we are getting TLS Renegotiation Extension warnings on https pages.     Is this a known problem (I can't see anything from a search) or is it t...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Aug 18, 2010
I think it was in 10.1 that a new client SSL option for enabling/disabling SSL renegotation was added. It should be set to disabled by default. You'll see a warning in /var/log/ltm when LTM requests/requires a client cert (based on a client SSL profile client cert setting or an iRule that calls SSL::renegotiate). If you don't enable SSL renegotiation on the client SSL profile, LTM will not renegotiate the SSL handshake.

 

 

Is that the type of info you were looking for? If not, can you clarify?

 

 

Also, I don't know of anything that LTM would do in 10.1 versus older 9.x versions which would cause insecure content warnings on the browser. Is it possible that the client config has changed or you're testing with a new client?

 

 

Aaron