Re: SSL : Re-negotiation receives POST data not SS...

fianddan · ‎08-22-2012

I'm working on an issue where an IBM Datapower appliance is communicating with a RB Stingray appliance.

SSL is enabled on the Stingray intial VIP and '1-Way' SSL is established - as part of the traffic script rules a 'request client cert' is sent re-negotiating the SSL handshake. Datapower has not yet received the re-negotiation and thinks the SSL is already establised so is already POST'ing data. Once it receives the re-negotiation request it sends the 'client hello' but it's too late.

So the 'client cert' request receives POST data rather than a valid cert it drops the connection.

Any ideas on how to overcome this would be greatly appreciated.

owen · ‎08-29-2012

I hope that this is just a simple misconfiguration on either the Stingary or Datapower side. As far as I know, we've not seen problems like this before.

I think that your best way to proceed would be to take a TCP dump and try to determine who (Stingray or Datapower) is misbehaving in the SSL connection. Our support team will be happy to assist.

fianddan · ‎09-10-2012

Thanks for the reply Owen. Riverbed support were able to provide a solution. (the appliance holds the POST data as a variable in memory until the certificate is received) - thanks.

SSL : Re-negotiation receives POST data not SSL cert

SSL : Re-negotiation receives POST data not SSL cert

Re: SSL : Re-negotiation receives POST data not SSL cert

Re: SSL : Re-negotiation receives POST data not SSL cert