cancel
Showing results for 
Search instead for 
Did you mean: 

SSL : Re-negotiation receives POST data not SSL cert

Highlighted
New Contributor

SSL : Re-negotiation receives POST data not SSL cert

I'm working on an issue where an IBM Datapower appliance is communicating with a RB Stingray appliance.

 

SSL is enabled on the Stingray intial VIP and '1-Way' SSL is established - as part of the traffic script rules a 'request client cert' is sent re-negotiating the SSL handshake. Datapower has not yet received the re-negotiation and thinks the SSL is already establised so is already POST'ing data. Once it receives the re-negotiation request it sends the 'client hello' but it's too late.

 

So the 'client cert' request receives POST data rather than a valid cert it drops the connection.

 

Any ideas on how to overcome this would be greatly appreciated.

2 REPLIES
Frequent Contributor

Re: SSL : Re-negotiation receives POST data not SSL cert

I hope that this is just a simple misconfiguration on either the Stingary or Datapower side.  As far as I know, we've not seen problems like this before.

 

I think that your best way to proceed would be to take a TCP dump and try to determine who (Stingray or Datapower) is misbehaving in the SSL connection.  Our support team will be happy to assist.

New Contributor

Re: SSL : Re-negotiation receives POST data not SSL cert

Thanks for the reply Owen. Riverbed support were able to provide a solution. (the appliance holds the POST data as a variable in memory until the certificate is received) - thanks.