BrentKingston
Apr 14, 2023
Solved

AS3 TLS_Client VS TLS_Server Schema confusion

I'm pretty new to AS3 and I'm looking at converting my existing configuration to use AS3 declarations.

I have several HTTPS virtual servers that use SSL Profile (client). 

I am following https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/declarations/tls-encryption.html#using-a-client-and-server-tls-profile-in-the-same-declaration as an example to generate a VSS, a client SSL profile, and a server SSL profile.

I am kind of confused because when I run this config, the TLS_Client Schema is writing things to the SSL Server section and the TLS_Server is writing things to the SSL Client section.

Is this how it is supposed to work? Shouldn't the TLS_Client write to the SSL Profile (Client) and TLS_Server write to the SSL Profile (Server)?

 

  • Never mind!

    I just found the reason in the FAQ

    I used a TLS_Server object in my BIG-IP AS3 declaration, why did it create a Client SSL profile on the BIG-IP?

    The BIG-IP AS3 naming convention for TLS Server and TLS Client differs from traditional BIG-IP terminology to better comply with industry usage, but may be slightly confusing for long-time BIG-IP users. The BIG-IP AS3 TLS_Server class is for connections arriving to the BIG-IP, which creates a “client SSL profile” object on the BIG-IP. The BIG-IP AS3 TLS_Client class is for connections leaving the BIG-IP, which creates a “server SSL profile” on the BIG-IP. See TLS_Server and TLS_Client in the Schema Reference for more information.
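The mapping from the FAQ, as an added example that is not part of the original post or F5's own code: a small Python check that walks an AS3 declaration and reports which BIG-IP profile type each `serverTLS`/`clientTLS` reference will create, flagging references that point at the wrong class. The declaration is a trimmed, constructed sample (tenant, application, object names and address are made up), and the script assumes string references that resolve inside the same Application.

```python
import json

# AS3 class -> BIG-IP object it creates, as stated in the FAQ quoted above.
AS3_TO_BIGIP = {
    "TLS_Server": "client SSL profile",  # connections arriving at the BIG-IP
    "TLS_Client": "server SSL profile",  # connections leaving the BIG-IP
}
# Service property -> AS3 class it should point at.
SERVICE_PROPS = {"serverTLS": "TLS_Server", "clientTLS": "TLS_Client"}

# Constructed sample: trimmed declaration, all names and the address are made up.
SAMPLE = json.loads("""
{
  "class": "ADC", "schemaVersion": "3.0.0",
  "Sample_Tenant": {
    "class": "Tenant",
    "App1": {
      "class": "Application",
      "service": {"class": "Service_HTTPS", "virtualAddresses": ["192.0.2.10"],
                  "serverTLS": "frontend_tls", "clientTLS": "backend_tls"},
      "frontend_tls": {"class": "TLS_Server",
                       "certificates": [{"certificate": "webcert"}]},
      "backend_tls": {"class": "TLS_Client"}
    }
  }
}
""")

def children(node, as3_class_prefix):
    """Yield (name, object) for child objects whose class starts with the prefix."""
    for name, obj in node.items():
        if isinstance(obj, dict) and str(obj.get("class", "")).startswith(as3_class_prefix):
            yield name, obj

def tls_profile_report(decl):
    """List (service path, property, AS3 class, BIG-IP object, matches_expected)."""
    rows = []
    for t_name, tenant in children(decl, "Tenant"):
        for a_name, app in children(tenant, "Application"):
            for s_name, svc in children(app, "Service_"):
                for prop, expected in SERVICE_PROPS.items():
                    ref = svc.get(prop)
                    if not isinstance(ref, str):
                        continue  # object-form references are not resolved here
                    target = app.get(ref)
                    cls = target.get("class") if isinstance(target, dict) else None
                    rows.append((f"{t_name}/{a_name}/{s_name}", prop, cls,
                                 AS3_TO_BIGIP.get(cls, "unknown"), cls == expected))
    return rows

if __name__ == "__main__":
    for row in tls_profile_report(SAMPLE):
        print(row)
```

A row whose last field is `False` means the service property points at the opposite TLS class, which is the usual result of carrying the BIG-IP "client/server SSL profile" naming straight into AS3.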
