I'm working on an issue where an IBM Datapower appliance is communicating with a RB Stingray appliance.
SSL is enabled on the Stingray intial VIP and '1-Way' SSL is established - as part of the traffic script rules a 'request client cert' is sent re-negotiating the SSL handshake. Datapower has not yet received the re-negotiation and thinks the SSL is already establised so is already POST'ing data. Once it receives the re-negotiation request it sends the 'client hello' but it's too late.
So the 'client cert' request receives POST data rather than a valid cert it drops the connection.
Any ideas on how to overcome this would be greatly appreciated.
I hope that this is just a simple misconfiguration on either the Stingary or Datapower side. As far as I know, we've not seen problems like this before.
I think that your best way to proceed would be to take a TCP dump and try to determine who (Stingray or Datapower) is misbehaving in the SSL connection. Our support team will be happy to assist.
Thanks for the reply Owen. Riverbed support were able to provide a solution. (the appliance holds the POST data as a variable in memory until the certificate is received) - thanks.