SSL Profiles Part 6: SSL Renegotiation
Hi John, this is a great article, so thanks for taking the time to cover it.
One question I have that I would like a bit of clarification on is the whole Require vs. Require Strict and the difference between them.
Would I be correct in saying that setting Secure Renegotiation to Require will allow initial SSL connections to be established with a lesser/weaker cipher but will fail Secure Renegotiation when the server responds to say it doesn't support Secure Renegotiation?
And Require Strict will not even allow the initial SSL connection to be established on the weaker supported cipher if there is a chance that the server may fail to renegotiate at any point during the session, and so the initial session is not even established as a result?
Cheers,
David