Forum Discussion

Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Nov 22, 2017

we discovered this behavior after upgrade to version 13.0 because of ssl log level change since version 12.0 https://support.f5.com/csp/article/K15292

the issue is a serverssl disable / enable is per client side connection on client side context. if the first server side connection used a SSL connection, it can't disable SSL for the following server side connection.

to summarize, SSL::disable serverside or LTP disable serverssl can't disable server side ssl per request.

I wrote following rule for this behavior (this is not the one I tested, I rewrite it here)

when HTTP_REQUEST {
    if {[POLICY::targets serverssl] } {
        set disable_server_ssl 1
    } else {
        set disable_server_ssl 0
    }
}

when SERVER_CONNECTED {
    if { $disable_server_ssl == 1 } then {
        SSL::disable serverside
    }
}