ssl renegotiation
2 TopicsCiphers on profiles
Hi! Maybe this is stupid question, but I need to know if a virtual server, with ssl server and client profiles, would have any issue if on the ssl client profile uses a particular cipher (let's say TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) and on the ssl server profile uses other cipher (also let's say TLS_RSA_WITH_AES_128_GCM_SHA256.) On the client profile is using a cert issued by a CA, and the server (the real one) is using a self-signed cert (the server profile is ignoring this.) SSL renegotiation is disabled using iRule on the virtual server. Thank you in advance.224Views0likes1CommentHTTP2 without renegotiation breaks sessions?
Greetings, I am trying to enable HTTP2 on F5 BIG-IP 12.1.1. However I had a message saying I need to disable TLS renegotiation in order to use HTTP2. After digging a bit, I have read here and there that disabling renegotiation may lead to connection break if the browser request a new key exchange. As this profile should handle big traffic (HTTP2 and HTTP2 not compliant visitors), I am understanding that using HTTP2 profile is a no go. Am I wrong? Best regards, Matthieu349Views0likes0Comments