shaggy_121467
Cumulonimbus
It still looks like mirroring of terminated SSL is not supported in 11.6: https://support.f5.com/kb/en-us/solutions/public/7000/200/sol7216.html
R_Marc
Oct 31, 2014Nimbostratus
Sure. I just replicated it on a VM version (to take FIPS out of the picture) and it fails the same way.
# Client-side SSL profile used in the reproduction: the BIG-IP terminates TLS
# from clients with the test-ssl-mirror certificate and key.
# Review note: client certificates are requested but not required
# (peer-cert-mode request), so this profile on its own does not reject a
# client that presents no certificate; enforcing mutual TLS would need
# peer-cert-mode require or a separate check.
ltm profile client-ssl myvirtual-client-ssl-profile {
app-service none
# Ask for the client certificate on every handshake, not once per session.
authenticate always
authenticate-depth 9
# ca-file is the bundle client certificates are verified against.
ca-file CA.crt
cert test-ssl-mirror.crt
cert-key-chain {
test-ssl-mirror_test-ssl-mirror {
cert test-ssl-mirror.crt
key test-ssl-mirror.key
}
}
# client-cert-ca is the CA list advertised to the client in the certificate
# request; it differs from ca-file above, so confirm both are intended.
client-cert-ca PRD_MC_Production_Network_Applications_Root_CA.crt
# No CRL file is configured, so revocation is not checked through a CRL here.
crl-file none
defaults-from clientssl
inherit-certkeychain false
key test-ssl-mirror.key
options { dont-insert-empty-fragments }
# No key passphrase is set in the profile; presumably acceptable for a test
# key, but confirm how the private key is protected in production.
passphrase none
peer-cert-mode request
retain-certificate true
# Setting under test in this thread. The post above links an F5 solution
# stating that mirroring of terminated SSL is not supported in 11.6.
session-mirroring enabled
}
# Server-side SSL profile used in the reproduction: the BIG-IP acts as the TLS
# client towards the pool members.
# NOTE(review): no peer-cert-mode, ca-file or authenticate-name appears in this
# listing, so whether the backend certificate is verified depends on values
# inherited from serverssl; confirm before relying on this leg for
# server authentication.
ltm profile server-ssl myvirtual-server-ssl-profile {
alert-timeout 10
app-service none
cache-size 262144
cache-timeout 3600
chain none
# DEFAULT expands to the cipher list built into the running TMOS version;
# review what it includes on 11.6 rather than assuming it is current.
ciphers DEFAULT
defaults-from serverssl
handshake-timeout 10
mod-ssl-methods disabled
options { dont-insert-empty-fragments }
proxy-ssl disabled
renegotiate-period indefinite
renegotiate-size indefinite
# Renegotiation is allowed, but only with servers that support secure
# renegotiation (require-strict).
renegotiation enabled
secure-renegotiation require-strict
server-name none
# Setting under test in this thread, mirrored on the server-side leg as well.
session-mirroring enabled
session-ticket disabled
sni-default false
sni-require false
ssl-forward-proxy disabled
strict-resume disabled
# Connections may be closed without a close_notify exchange.
unclean-shutdown enabled
}