For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Steve_Scott_873's avatar
Steve_Scott_873
Historic F5 Account
Jan 28, 2010

Unexpected TMOS utalsiation hit

I have a bigip 6400 platform running LTM v 9.4.7     We have an iRule to direct HTTP requests coming into the F5 from the datacentre out to the appropriate external service (For XML...
application delivery
dev
devops
iRules
Steve_Scott_873's avatar
Steve_Scott_873
Historic F5 Account
Feb 01, 2010
I do indeed mean the server authentication option.

 

 

In our case, we have a mix of native and compat ciphers enabled. We were using native ciphers, however it seems that having compat ciphers enabled meant that the session cache was not working correctly, and sessions were not being resumed - obviously more work.

 

Changing to native only (Disabling DHE and DH ciphers in our case) seems to have the session cache back working, and even if the session cache size is set to 0 then its still pushing 10-15% with 120 TPS rather than 50% with compat there. (Again, we were using AES256+SHA, so its on the native fully accelerated list, it seems merely having compats there in a serverssl profile is enough to cause problems)

 

 

Couldn't find anything on this in the knowdgebase, either before or after i've found the solution