For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

fgf_165674's avatar
fgf_165674
Icon for Nimbostratus rankNimbostratus
May 02, 2015

TLS session resumption

Hello,   if I run a test about TLS session resumption in LTM version 11.4.1, it doesn't work.   Instead, if I repeat the same test in LTM version 11.5.1, it works fine.   I am using a SSL cl...
application delivery
LTM
security
fgf_165674's avatar
fgf_165674
Icon for Nimbostratus rankNimbostratus
May 03, 2015

Hi nitass,

 

thanks for your response.

 

This is my test:

 

$ openssl s_client -connect 10.40.5.10:443 -reconnect

 

[...]

 

No client certificate CA names sent

 

SSL handshake has read 5934 bytes and written 893 bytes

 

New, TLSv1/SSLv3, Cipher is AES128-SHA Server public key is 4096 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : AES128-SHA Session-ID: D3E36ACF934B950E3924926DA922667B457160FA70B48F9F43A11CD252A7A6B6 Session-ID-ctx:

 

 Key-Arg   : None
 PSK identity: None
 PSK identity hint: None
 SRP username: None
 Start Time: 1429892007
 Timeout   : 300 (sec)
 Verify return code: 20 (unable to get local issuer certificate)

drop connection and then reconnect CONNECTED(00000003)

 

New, TLSv1/SSLv3, Cipher is AES128-SHA Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : AES128-SHA Session-ID: D3E36ACF93495B1A3924926DA922657A2690A7AA1352D4B443A11CD252A7A6B9 Session-ID-ctx:

 

 Key-Arg   : None
 PSK identity: None
 PSK identity hint: None
 SRP username: None
 Start Time: 1429892008
 Timeout   : 300 (sec)
 Verify return code: 20 (unable to get local issuer certificate)

[...]

 

Can you show the config of the client SSL profile?

 

I suspect that it can be related with the protocol used in the cipher suite.

 

Regards,