jk20004_44080
Oct 05, 2018 · Nimbostratus
Best way to reject SSL connections
We use IPI and we drop the requests via iRule because we cannot use ASM at every VS. Today we reject the connection in CLIENT_ACCEPTED, but the result is a
SSL Handshake failed for TCP xxx.xxx.xxx.xxx:nnn -> xxx.xxx.xxx.xxx:nnn
in the ltm log. Do we have to accept that, or is there a better way to reject connections like that?
Letting the connection go on until HTTP_REQUEST is not an option, because we have the same problem when we use a required client certificate where we check, for example, the UPN, and we would like to drop the connection if the UPN is invalid or missing.