on-demand cert auth agend
1 TopicAPM On-Demand Cert Auth agent resets the connection when handshake timeout occurs.
Platform: 13.1 SSL client profile: Client Certificate set to Ignore APM Policy: On-demand Cert auth agent rule on first line and set to «Request» In my scenario, I using smartcard with APM policy and On-demand Cert auth Agent. For example, I choose the certificate for authentication but do not have time to enter the PIN-code (smartcard) and handshake timeout occurred (default is 10 sec.). After that, a blank page appears in the browser (Ive tested IE and Chrome last version). The user may think that the service is unavailable. I`ve found the workaround: extend handshake timeout in Client SSL profile. Nevertheless, according to F5 knowledgebase it is not good practice, because of secure attack risk. However, when I set SSL Client Profile to ask certificate (Clint Certificate Request option) - the problem does not recur. I consciously set handshake timeout to 1 sec. Does this mean that the APM On-demand Cert Auth Agent is not working correctly?285Views0likes1Comment