Any questions? Post'em

It's likely what you're seeing with the varying size of the reads are SSL record boundaries. Reading 500 bytes at a time is quite small. I suspect this is a really slow client machine or distant network connection? Another possibility would be that BIG-IP supports more ciphers than the server itself, so perhaps the communications between the client and BIG-IP is using a different cipher compared to the communications when testing client to server directly.

 

 

BTW, you might try changing the proxy buffer to a smaller value like 4k. This is just a shot in the dark, though. A tool like ssldump can read packet captures taken from BIG-IP and help to interpret SSL behaviors. If you use a common cipher (like RC4-MD5), you can use ssldump together with your SSL private key to actually decrypt the SSL connection and see the data, and more important, see if what (if any) SSL alerts are occurring.

 

 

I'm sorry I can't be more help. This sounds like an odd situation. :) If you can capture a tcpdump of a successful connection and a failed connection, I'm sure that would really help the support team to figure things out. If there is an example of good and bad behavior, then it's just a matter of figuring out what's different between the two to then solve the problem. :)

 

 

Good luck!

 

 

Mike Lowell