1 Reply Latest reply: Oct 31, 2017 7:30 AM by Ken Vance RSS

SSL renegotiation support for passthrough connections

Maria G.

Hi All,

 

I have the following situation here :

 

  • We are trying to optimize Outlook Anywhere and the load-balancers we are using are requiring SSL renegotiations for some of the SSL sessions to the Exchange servers. According to Riverbed documentation this is not supported and the renegotiated connections are dropped and the server bypassed for 5 minutes.
  • As we were able to distinguish, based on IP, the clients requiring renegotiation, we configured in-path rules to bypass (pass-through) those IPs.

 

Nevertheless, the SteelHead continues to drop these connections.

 

Is this normal behavior : SSL renegotiation is not supported even if there is a pass-through rule for the connection ?

 

Giving the fact that the servers are on the bypass list almost all of the time, we are not getting very much optimization fot the email traffic.

 

 

For your information, the in-path rule is configured as follows :

<Src IP/mask> to <Dst server/32:443> and they are configured before any other rules.

 

Thank you!

 

Regards,

 

Maria G.