I'm working on an issue where an IBM DataPower appliance is communicating with an RB Stingray appliance. SSL is enabled on the Stingray initial VIP and '1-Way' SSL is established - as part of the traffic script rules a 'request client cert' is sent, re-negotiating the SSL handshake. DataPower has not yet received the re-negotiation and thinks the SSL is already established, so it is already POST'ing data. Once it receives the re-negotiation request it sends the 'client hello' but it's too late. So the 'client cert' request receives POST data rather than a valid cert and it drops the connection. Any ideas on how to overcome this would be greatly appreciated.