Forum Discussion
BrentKingston
Altostratus
AltostratusAS3 TLS_Client VS TLS_Server Schema confusion
I'm pretty new to AS3 and I'm looking at converting my existing configuration to use AS3 declarations.
I have several HTTPS virtual servers that use SSL Profile (client).
I am following https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/declarations/tls-encryption.html#using-a-client-and-server-tls-profile-in-the-same-declaration as an example to generate a VSS, a client SSL profile, and a server SSL profile.
I am kind of confused because when I run this config, the TLS_Client Schema is writing things to the SSL Server section and the TLS_Server is writing things to the SSL Client section.
Is this how it is supposed to work? Shouldn't the TLS_Client write to the SSL Profile (Client) and TLS_Server write to the SSL Profile (Server)?
Never mind!
I just found the reason in the FAQ
I used a TLS_Server object in my BIG-IP AS3 declaration, why did it create a Client SSL profile on the BIG-IP?
The BIG-IP AS3 naming convention for TLS Server and TLS Client differs from traditional BIG-IP terminology to better comply with industry usage, but may be slightly confusing for long-time BIG-IP users. The BIG-IP AS3 TLS_Server class is for connections arriving to the BIG-IP, which creates a “client SSL profile” object on the BIG-IP. The BIG-IP AS3 TLS_Client class if for connections leaving the BIG-IP, which creates a “server SSL profile” on the BIG-IP. See TLS_Server and TLS_Client in the Schema Reference for more information.
BrentKingstonNever mind!
I just found the reason in the FAQ
I used a TLS_Server object in my BIG-IP AS3 declaration, why did it create a Client SSL profile on the BIG-IP?
The BIG-IP AS3 naming convention for TLS Server and TLS Client differs from traditional BIG-IP terminology to better comply with industry usage, but may be slightly confusing for long-time BIG-IP users. The BIG-IP AS3 TLS_Server class is for connections arriving to the BIG-IP, which creates a “client SSL profile” object on the BIG-IP. The BIG-IP AS3 TLS_Client class if for connections leaving the BIG-IP, which creates a “server SSL profile” on the BIG-IP. See TLS_Server and TLS_Client in the Schema Reference for more information.