SSL offloading
Configuring SSL offloading that allows or denies client renegotiation, is configured in the CLI. This helps to resolve the issues that affect all SSL and TLS servers that support renegotiation, identified by the Common Vulnerabilities and Exposures system in CVE-2009-3555. The IETF is currently working on a TLS protocol change that will permanently resolve the issue. The SSL offloading renegotiation feature is considered a workaround until the IETF permanently resolves the issue.
The CLI command is ssl-client-renegotiation and is found in config firewall vip command.
See Also