Using SSL::sessionid in SSLv2
If someone has clarification, please tell me.
We will use SSL::sessionid in SSLv2 communication.
As a sample, we tested the following iRule.
But the result has no parameter.
I have a question.
Isn't SSL::sessionid available in SSLv2?
I searched the wiki, but it is not described.
http://devcentral.f5.com/wiki/default.aspx/iRules/SSL__sessionid.htm
iRule:
----------------------------------------------------------
when CLIENTSSL_HANDSHAKE {
log local0. "SessionID -> [SSL::sessionid]"
}
----------------------------------------------------------
The resulting log is as follows:
----------------------------------------------------------
May 20 09:55:22 local/tmm info tmm[4609]: Rule yotsu_ssl_rule : SessionID ->
May 20 09:55:22 local/tmm info tmm[4609]: Rule yotsu_ssl_rule : SessionID ->
May 20 09:55:23 local/tmm info tmm[4609]: Rule yotsu_ssl_rule : SessionID ->
May 20 09:55:23 local/tmm info tmm[4609]: Rule yotsu_ssl_rule : SessionID ->
----------------------------------------------------------
- hooleylist (Cirrostratus): Are you testing on a physical unit or a VM? In a quick test on v10.2.1 VE, I see the same issue:
----------------------------------------------------------
when CLIENT_ACCEPTED {
    log local0. "[IP::client_addr]:[TCP::client_port]: Connected"
}
when CLIENTSSL_HANDSHAKE {
    log local0. "[IP::client_addr]:[TCP::client_port]: \[SSL::cipher version\]: [SSL::cipher version], \[SSL::sessionid\]: [SSL::sessionid]"
}
when HTTP_REQUEST {
    log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::request]"
    HTTP::respond 200 content "hi"
}
----------------------------------------------------------
: 10.1.0.1:58485: Connected
: 10.1.0.1:58485: [SSL::cipher version]: SSLv2, [SSL::sessionid]:
: 10.1.0.1:58485: GET /
: 10.1.0.1:58493: Connected
: 10.1.0.1:58493: [SSL::cipher version]: SSLv3, [SSL::sessionid]: 0abe7fe49350fc49cbfd6456a4632d083740b9e8d2d7914c8db4cf87c7350c3c
: 10.1.0.1:58493: GET /
: 10.1.0.1:58510: Connected
: 10.1.0.1:58510: [SSL::cipher version]: TLSv1, [SSL::sessionid]: 0abe7fe49350fc4acbfd6456a4632d083740b9e8d2d7914d8db4cf87c7350c0f
: 10.1.0.1:58510: GET /
----------------------------------------------------------
- Dear Aaron.
- hooleylist (Cirrostratus): If you find out more on this issue, can you post the case number and/or BD ID?
- This is feedback.
- hooleylist (Cirrostratus): Thanks for replying. That's not what I expected. Can you reply with your case number so I can look at the details?
- hooleylist (Cirrostratus): Thanks for sending the case number. PD explained that we have never cached the session ID for SSLv2 for internal performance reasons. As a result, SSLv2 clients must establish a session each time they connect. Our official recommendation is to not use SSLv2 on the client SSL profile anyhow, so this is more of an academic exercise.
- Colin_Walker_12 (Historic F5 Account): Nice, very good to know, thanks for the more detailed info, Aaron.
Old thread, but perhaps interesting: while investigating a session ID issue I saw this: SSL stickiness is supported only on SSLv3 and TLSv1 sessions. The reason for this is that SSLv2 places the session ID within the encrypted data,
source: http://docwiki.cisco.com/wiki/Secure_Sockets_Layer_Persistence_Configuration_Example
not sure if it is true, but it might give some extra background to this.
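
Added example, not part of the original thread or F5's code: a small log audit that reads handshake lines in the format produced by the test iRule above and reports which connections logged an empty SSL::sessionid and which client IPs still negotiate SSLv2. The log prefix, rule name, addresses and session IDs in the sample are constructed.

```python
import re
from collections import Counter

# Handshake line format logged by the test iRule in the thread:
#   <ip>:<port>: [SSL::cipher version]: <version>, [SSL::sessionid]: <hex or empty>
HANDSHAKE_RE = re.compile(
    r"(?P<client>\d{1,3}(?:\.\d{1,3}){3}:\d+): "
    r"\[SSL::cipher version\]: (?P<version>[A-Za-z0-9.]+), "
    r"\[SSL::sessionid\]:[ \t]*(?P<sid>[0-9a-fA-F]*)\s*$"
)

def parse_handshakes(lines):
    """Return one dict per handshake line; all other log lines are skipped."""
    return [m.groupdict() for m in map(HANDSHAKE_RE.search, lines) if m]

def audit(lines):
    """Summarise negotiated versions and flag handshakes without a session ID."""
    handshakes = parse_handshakes(lines)
    sid_counts = Counter(h["sid"].lower() for h in handshakes if h["sid"])
    return {
        "versions": Counter(h["version"] for h in handshakes),
        # Connections where SSL::sessionid came back empty (the SSLv2 case).
        "no_session_id": [h["client"] for h in handshakes if not h["sid"]],
        # Client IPs still negotiating SSLv2, i.e. candidates for follow-up.
        "sslv2_clients": sorted({h["client"].rsplit(":", 1)[0]
                                 for h in handshakes if h["version"] == "SSLv2"}),
        # Session IDs logged on more than one connection (resumed sessions).
        "resumed_ids": sorted(s for s, n in sid_counts.items() if n > 1),
    }

# Constructed sample log lines (prefix, rule name, IPs and IDs are made up).
PREFIX = "May 20 10:00:00 local/tmm info tmm[4609]: Rule example_rule : "
SAMPLE_LOG = [PREFIX + s for s in (
    "192.0.2.10:58485: Connected",
    "192.0.2.10:58485: [SSL::cipher version]: SSLv2, [SSL::sessionid]: ",
    "192.0.2.10:58485: GET /",
    "192.0.2.20:58493: [SSL::cipher version]: SSLv3, [SSL::sessionid]: 0a1b2c3d",
    "192.0.2.30:58510: [SSL::cipher version]: TLSv1, [SSL::sessionid]: 4e5f6071",
    "192.0.2.30:58511: [SSL::cipher version]: TLSv1, [SSL::sessionid]: 4e5f6071",
)]

if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```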