Eventually the above setup works, but we get occasions (3-4 times per hour on less frequent traffic) when the application breaks.
NORMAL SESSION (bottom-to-top order) - SSL handshake first, followed by HTTP_REQUEST:
===================================================================================
Mon Dec 4 20:42:30 GMT 2017 info xyz tmm2[14307] Rule /Common/irule-xyz : Third line ---- Session ID: 6bec8b8b1dd0fb69efaa0c4a48b409f9c7f3d59ccc2826557479aaa18fbaea18 Cert ID: 0‚0‚þ ��š0 *†H†÷ ��010Uxyz xyz xyz0ReplaceWith 170102135806Z 190102135806Z0U1 0 UGB1*0(U !xyz xyz.10Uxyz.xyz.com0‚"0 *†H†÷ ��‚��0‚ ‚��ÔN‰xÉ D÷ôàe½[æ¿i/›¤zÇ:F³¥´È5]Ú»Ûc‰E/òWKm¦�aÝÃm£Úp¾�Sô¡ M\H³¸*î<1{ž»ä¹l²×ò*ReplaceWithó“8!Š}"u~zf¿Ô�èß÷4e^Їr‘RgÖ_HŸÛZ9íКw8ò� <0NKÀ³lWuž±�¸Èäü¼Õv�\zíI¨j@$»ô ¨È.ŠÔ°SÝóùYÍllÕv,îóÀâvh0£½��4Æ6?2>öõzE±„—8<]-@pÁ]²ö{t4;^·4dúÊm„yçMB~; jÝdœ�B&ÉÜ>q ¾û!0,)��£‚$0‚ 0Uefæåœyº2}^sӄ؃..Šs0U0€w,å×ürS––ÌÝ"[]P€>é¾±0Uÿ0ÿ��0U ÿ00 +‚ž90?+3010/+0†
Mon Dec 4 20:42:30 GMT 2017 info xyz tmm2[14307] Rule /Common/irule-xyz : SSL certificate found, inserting .x509 into HTTP request, cert verify result - ok
Mon Dec 4 20:42:30 GMT 2017 info xyz tmm2[14307] Rule /Common/irule-xyz : Second line ---- Session ID: 6bec8b8b1dd0fb69efaa0c4a48b409f9c7f3d59ccc2826557479aaa18fbaea18 Cert ID: 0‚0‚þ ��š0 *†H†÷ ��010Uxyz xyz xyz0ReplaceWith 170102135806Z 190102135806Z0U1 0 UGB1*0(U
Mon Dec 4 20:42:30 GMT 2017 info xyz tmm2[14307] Rule /Common/irule-xyz : Session ID: 6bec8b8b1dd0fb69efaa0c4a48b409f9c7f3d59ccc2826557479aaa18fbaea18 Cert ID: 0‚0‚þ ��š0 *†H†÷ ��010Uxyz xyz xyz0ReplaceWith 170102135806Z 190102135806Z0U1 0 UGB1*0(U !xyz xyz.10Uxyz.xyz.com0‚"0 *†H†÷ ��‚��0‚ ‚��ÔN‰xÉ D÷ôàe½[æ¿i/›¤zÇ:F³¥´È5]Ú»Ûc‰E/òWKm¦�aÝÃm£Úp¾�Sô¡ M\H³¸*î<1{ž»ä¹l²×ò*ReplaceWithó“8!Š}"u~zf¿Ô�èß÷4e^Їr‘RgÖ_HŸÛZ9íКw8ò� <0NKÀ³lWuž±�¸Èäü¼Õv�\zíI¨j@$»ô ¨È.ŠÔ°SÝóùYÍllÕv,îóÀâvh0£½��4Æ6?2>öõzE±„—8<]-@pÁ]²ö{t4;^·4dúÊm„yçMB~; jÝdœ�B&ÉÜ>q ¾û!0,)��£‚$0‚ 0Uefæåœyº2}^sӄ؃..Šs0U0€w,å×ürS––ÌÝ"[]P€>é¾±0Uÿ0ÿ��0U ÿ00 +‚ž90?+3010/+0†http://xyz.xyz.com/etn/etn.crt04
Mon Dec 4 20:42:30 GMT 2017 info xyz tmm2[14307] Rule /Common/irule-xyz : Cert verify result - ok
Mon Dec 4 20:42:30 GMT 2017 info xyz tmm2[14307] Rule /Common/irule-xyz : First line ---- Session ID: 6bec8b8b1dd0fb69efaa0c4a48b409f9c7f3d59ccc2826557479aaa18fbaea18 Cert ID: 0‚0‚þ ��š0 *†H†÷ ��010U0ReplaceWith 170102135806Z 190102135806Z0U1 0 UGB1*0(U !0U0‚"0 *†H†÷ ��‚��0‚ ‚��ÔN‰xÉ D÷ôàe½[æ¿i/›¤zÇ:F³¥´È5]Ú»Ûc‰E/òWKm¦�aÝÃm£Úp¾�Sô¡ M\H³¸*î<1{ž»ä¹l²×ò*ReplaceWithó“8!Š}"u~zf¿Ô�èß÷4e^Їr‘RgÖ_HŸÛZ9íКw8ò� <0NKÀ³lWuž±�¸Èäü¼Õv�\zíI¨j@$»ô ¨È.ŠÔ°SÝóùYÍllÕv,îóÀâvh0£½��4Æ6?2>öõzE±„—8<]-@pÁ]²ö{t4;^·4dúÊm„yçMB~; jÝdœ�B&ÉÜ>q ¾û!0,)��£‚$0‚ 0Uefæåœyº2}^sӄ؃..Šs0U0€w,å×ürS––ÌÝ"[]P€>é¾±0Uÿ0ÿ��0U ÿ00 +‚ž90?+3010/+0†
BROKEN SESSION (bottom-to-top order) - it seems like renegotiation, as HTTP_REQUEST happens first(?), then the CLIENTSSL_CLIENTCERT event does not re-call another HTTP_REQUEST as in a normal session:
============================================================================================================================================================================
Mon Dec 4 21:18:30 GMT 2017 info xyz tmm7[14307] Rule /Common/irule-xyz : Session ID: 6bec8b8b1dd09d6aefaa0c4a48b40cf93e8a72763551dfe67479aaa18fbae2e8 Cert ID: 0‚0‚þ ��š0 *†H†÷ ��010Uxyz xyz xyz0ReplaceWith 170102135806Z 190102135806Z0U1 0 UGB1*0(U !xyz xyz.10Uxyz.xyz.com0‚"0 *†H†÷ ��‚��0‚ ‚��ÔN‰xÉ D÷ôàe½[æ¿i/›¤zÇ:F³¥´È5]Ú»Ûc‰E/òWKm¦�aÝÃm£Úp¾�Sô¡ M\H³¸*î<1{ž»ä¹l²×ò*ReplaceWithó“8!Š}"u~zf¿Ô�èß÷4e^Їr‘RgÖ_HŸÛZ9íКw8ò� <0NKÀ³lWuž±�¸Èäü¼Õv�\zíI¨j@$»ô ¨È.ŠÔ°SÝóùYÍllÕv,îóÀâvh0£½��4Æ6?2>öõzE±„—8<]-@pÁ]²ö{t4;^·4dúÊm„yçMB~; jÝdœ�B&ÉÜ>q ¾û!0,)��£‚$0‚ 0Uefæåœyº2}^sӄ؃..Šs0U0€w,å×ürS––ÌÝ"[]P€>é¾±0Uÿ0ÿ��0U ÿ00 +‚ž90?+3010/+0†http://xyz.xyz.com/etn/etn.crt04
Mon Dec 4 21:18:30 GMT 2017 info xyz tmm7[14307] Rule /Common/irule-xyz : Cert verify result - ok
Mon Dec 4 21:18:30 GMT 2017 info xyz tmm7[14307] Rule /Common/irule-xyz : First line ---- Session ID: 6bec8b8b1dd09d6aefaa0c4a48b40cf93e8a72763551dfe67479aaa18fbae2e8 Cert ID: 0‚0‚þ ��š0 *†H†÷ ��010Uxyz xyz xyz0ReplaceWith 170102135806Z 190102135806Z0U1 0 UGB1*0(U !xyz xyz.10Uxyz.xyz.com0‚"0 *†H†÷ ��‚��0‚ ‚��ÔN‰xÉ D÷ôàe½[æ¿i/›¤zÇ:F³¥´È5]Ú»Ûc‰E/òWKm¦�aÝÃm£Úp¾�Sô¡ M\H³¸*î<1{ž»ä¹l²×ò*ReplaceWithó“8!Š}"u~zf¿Ô�èß÷4e^Їr‘RgÖ_HŸÛZ9íКw8ò� <0NKÀ³lWuž±�¸Èäü¼Õv�\zíI¨j@$»ô ¨È.ŠÔ°SÝóùYÍllÕv,îóÀâvh0£½��4Æ6?2>öõzE±„—8<]-@pÁ]²ö{t4;^·4dúÊm„yçMB~; jÝdœ�B&ÉÜ>q ¾û!0,)��£‚$0‚ 0Uefæåœyº2}^sӄ؃..Šs0U0€w,å×ürS––ÌÝ"[]P€>é¾±0Uÿ0ÿ��0U ÿ00 +‚ž90?+3010/+0†http://xyz.xyz.c
Mon Dec 4 21:18:30 GMT 2017 info xyz tmm7[14307] Rule /Common/irule-xyz : Renegotiating session...
Mon Dec 4 21:18:30 GMT 2017 info xyz tmm7[14307] Rule /Common/irule-xyz : Cert verify result - ok
Mon Dec 4 21:18:30 GMT 2017 info xyz tmm7[14307] Rule /Common/irule-xyz : Second line ---- Session ID: 6bec8b8b1dd09d6defaa0c4a48b40cf93e8a72763551dfef7479aaa18fbae398 Cert ID: 0‚0‚þ ��š0 *†H†÷ ��010Uxyz xyz xyz0ReplaceWith 170102135806Z 190102135806Z0U1 0 UGB1*0(U !xyz xyz.10Uxyz.xyz.com0‚"0 *†H†÷ ��‚��0‚ ‚��ÔN‰xÉ D÷ôàe½[æ¿i/›¤zÇ:F³¥´È5]Ú»Ûc‰E/òWKm¦�aÝÃm£Úp¾�Sô¡ M\H³¸*î<1{ž»ä¹l²×ò*ReplaceWithó“8!Š}"u~zf¿Ô�èß÷4e^Їr‘RgÖ_HŸÛZ9íКw8ò� <0NKÀ³lWuž±�¸Èäü¼Õv�\zíI¨j@$»ô ¨È.ŠÔ°SÝóùYÍllÕv,îóÀâvh0£½��4Æ6?2>öõzE±„—8<]-@pÁ]²ö{t4;^·4dúÊm„yçMB~; jÝdœ�B&ÉÜ>q ¾û!0,)��£‚$0‚ 0Uefæåœyº2}^sӄ؃..Šs0U0€w,å×ürS––ÌÝ"[]P€>é¾±0Uÿ0ÿ��0U ÿ00 +‚ž90?+3010/+0†http://xyz.xyz.com/etn/
Any pointers would be appreciated.
Thanks
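
To count how often the pattern in the broken excerpt occurs, the log can be scanned for a "Renegotiating session..." message that is never followed by the certificate-insertion message on the same tmm. The script below is an added example, not part of the original post: the message strings are taken from the excerpts above, while the sample lines, the shortened session IDs, the per-tmm correlation and the 5-second window are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

LINE = re.compile(r"^\w{3} (\w{3} +\d+ [\d:]{8}) \w+ (\d{4}) \w+ \S+ "
                  r"(tmm\d+)\[\d+\] Rule \S+ : (.*)$")
SESSION = re.compile(r"Session ID: ([0-9a-f]+)")
INSERTED = "inserting .x509 into HTTP request"

# Constructed sample, newest line first like the excerpts in the post.
# Session IDs are shortened placeholders and the Cert ID bytes are omitted.
SAMPLE = """\
Mon Dec 4 21:18:30 GMT 2017 info xyz tmm7[14307] Rule /Common/irule-xyz : Session ID: bb02 Cert ID: <omitted>
Mon Dec 4 21:18:30 GMT 2017 info xyz tmm7[14307] Rule /Common/irule-xyz : Cert verify result - ok
Mon Dec 4 21:18:30 GMT 2017 info xyz tmm7[14307] Rule /Common/irule-xyz : First line ---- Session ID: bb02 Cert ID: <omitted>
Mon Dec 4 21:18:30 GMT 2017 info xyz tmm7[14307] Rule /Common/irule-xyz : Renegotiating session...
Mon Dec 4 21:18:30 GMT 2017 info xyz tmm7[14307] Rule /Common/irule-xyz : Second line ---- Session ID: bb01 Cert ID: <omitted>
Mon Dec 4 20:42:30 GMT 2017 info xyz tmm2[14307] Rule /Common/irule-xyz : SSL certificate found, inserting .x509 into HTTP request, cert verify result - ok
Mon Dec 4 20:42:30 GMT 2017 info xyz tmm2[14307] Rule /Common/irule-xyz : First line ---- Session ID: aa01 Cert ID: <omitted>
"""

def parse(text, newest_first=True):
    """Return (time, tmm, message) tuples in chronological order."""
    rows = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            when = datetime.strptime(f"{m[1]} {m[2]}", "%b %d %H:%M:%S %Y")
            rows.append((when, m[3], m[4]))
    return rows[::-1] if newest_first else rows

def stalled_renegotiations(rows, window=timedelta(seconds=5)):
    """Renegotiations with no certificate insertion on the same tmm within `window`."""
    findings = []
    for i, (when, tmm, msg) in enumerate(rows):
        if "Renegotiating session" not in msg:
            continue
        near = lambda r: r[1] == tmm and abs(r[0] - when) <= window
        before = [r[2] for r in rows[:i] if near(r)]
        after = [r[2] for r in rows[i + 1:] if near(r)]
        if any(INSERTED in m for m in after):
            continue  # the request was re-processed with the certificate
        ids = lambda msgs: sorted({s for m in msgs for s in SESSION.findall(m)})
        findings.append({"time": when, "tmm": tmm,
                         "ids_before": ids(before), "ids_after": ids(after)})
    return findings

if __name__ == "__main__":
    for f in stalled_renegotiations(parse(SAMPLE)):
        print(f)
```

Each finding also lists the session IDs logged before and after the renegotiation, which makes the session ID change visible in the broken excerpt easy to spot across many occurrences.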