Magnum_IP
Jun 02, 2011Nimbostratus
Client SSL Profile - Renegotiation setting
I am looking at the subtleties of the Renegotiation setting in the Client SSL Profile at the moment.
Can someone please tell me the difference between...
1. Not ticking the Custom tick box for the Renegotiation setting - ie leaving the Renegotiation setting grayed out
2. Ticking the Custom tick box for the Renegotiation setting but leaving the Renegotiation tick box unticked - ie specifically disabling Renegotiation
?
The Help for Renegotiation says...
Controls on a per-connection basis how the system responds to mid-stream SSL reconnection requests. When enabled, the system processes mid-stream SSL renegotiation requests. When disabled, the system terminates the connection, or ignores the request, depending on system configuration. The default is disabled.
If I check the bigip.conf when I implement the two scenarios above I can see that for scenario 1 the config states
renegotiate disable
but in scenario 2 the profile has no mention of renegotiate - does this mean renegotiation is disabled?
Regards,
fergu5