08-22-2012 04:33 AM
I'm working on an issue where an IBM Datapower appliance is communicating with a RB Stingray appliance.
SSL is enabled on the Stingray intial VIP and '1-Way' SSL is established - as part of the traffic script rules a 'request client cert' is sent re-negotiating the SSL handshake. Datapower has not yet received the re-negotiation and thinks the SSL is already establised so is already POST'ing data. Once it receives the re-negotiation request it sends the 'client hello' but it's too late.
So the 'client cert' request receives POST data rather than a valid cert it drops the connection.
Any ideas on how to overcome this would be greatly appreciated.
08-29-2012 09:43 AM
I hope that this is just a simple misconfiguration on either the Stingary or Datapower side. As far as I know, we've not seen problems like this before.
I think that your best way to proceed would be to take a TCP dump and try to determine who (Stingray or Datapower) is misbehaving in the SSL connection. Our support team will be happy to assist.
09-10-2012 01:04 AM
Thanks for the reply Owen. Riverbed support were able to provide a solution. (the appliance holds the POST data as a variable in memory until the certificate is received) - thanks.