LDAPS and renegotiation

Question

Hello, hope everyone is well!we have a requirement to present 2 different issuer/signed certificates based on the incoming client IP. I am pretty sure from an HTTP perspective I would do something like this&nbsp;when CLIENT_ACCEPTED {&nbsp; &nbsp;if {([class match [IP::client_addr] eq signer_list_of_client_A_IPs]) } { &nbsp;&nbsp; &nbsp; &nbsp; SSL::profile cert_with_issuer_type_A&nbsp; &nbsp;} else {&nbsp; &nbsp; &nbsp; SSL::profile cert_with_issuer_type_B&nbsp; &nbsp;}}when HTTP_REQUEST {&nbsp; &nbsp;SSL::renegotiate&nbsp;}Question I have is whether this would work for LDAPS clients and how (if needed at all) the renegotiation step would be achieved, given that the HTTP_REQUEST will not be available.Many thanksJon

sanjayp · Answer

Have you tried using renegotiation option from the clientssl profile?&nbsp;

jon2 · Answer

Thanks Sanjay, good suggestion, I will try that out and report back!

Forum Discussion

LDAPS and renegotiation

2 Replies

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

SSL Legacy Renegotiation vs Secure Renegotiation Explained using Wireshark

SSL Profiles Part 6: SSL Renegotiation

SSL 3.0.7 - Unsafe legacy renegotiation disabled on client side

Re: SSL Renegotiation DOS attack – an iRule Countermeasure

LDAPS vip - how to?