Forum Discussion
Stanislas_Piro2
Nov 22, 2017Cumulonimbus
we discovered this behavior after upgrade to version 13.0 because of ssl log level change since version 12.0 https://support.f5.com/csp/article/K15292
the issue is a serverssl disable / enable is per client side connection on client side context. if the first server side connection used a SSL connection, it can't disable SSL for the following server side connection.
to summarize, SSL::disable serverside or LTP disable serverssl can't disable server side ssl per request.
I wrote following rule for this behavior (this is not the one I tested, I rewrite it here)
when HTTP_REQUEST {
if {[POLICY::targets serverssl] } {
set disable_server_ssl 1
} else {
set disable_server_ssl 0
}
}
when SERVER_CONNECTED {
if { $disable_server_ssl == 1 } then {
SSL::disable serverside
}
}