Forum Discussion

Rajeev's avatar
Rajeev
Icon for Nimbostratus rankNimbostratus
Jul 24, 2019

Can we have ssl offloading without having HTTP profile on virtual server

Can we have ssl offloading without having HTTP profile on virtual server?

application delivery
LTM
  • Dario_Garrido's avatar
    Dario_Garrido
    Icon for Noctilucent rankNoctilucent
    Jul 24, 2019

    Yes, it's possible.

     

    Actually TLS encryption is made on session layer which is lower than application layer (HTTP).

     

    KR,

    Dario.

    • Dario_Garrido's avatar
      Dario_Garrido
      Icon for Noctilucent rankNoctilucent
      Jul 24, 2019

      BTW, remember to use SSL::payload instead of TCP::payload

      REF - https://clouddocs.f5.com/api/irules/SSL__payload.html

      This is the output ->

      Jul 24 11:43:07 bigip1 info tmm1[10767]: Rule /Common/Rule_Test <CLIENTSSL_HANDSHAKE>: 10.10.1.30:34064: SSL handshake completed, collecting SSL payload
Jul 24 11:43:07 bigip1 info tmm1[10767]: Rule /Common/Rule_Test <CLIENTSSL_DATA>: 10.10.1.30:34064: Collected bytes 289
Jul 24 11:43:07 bigip1 info tmm1[10767]: Rule /Common/Rule_Test <CLIENTSSL_DATA>: 10.10.1.30:34064: Decrypted payload ([SSL::payload]): GET / HTTP/1.1  Host: 10.10.1.100  User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  Accept-Language: en-US,en;q=0.5  Accept-Encoding: gzip, deflate  Connection: keep-alive
Jul 24 11:43:07 bigip1 info tmm1[10767]: Rule /Common/Rule_Test <CLIENTSSL_DATA>: 10.10.1.30:34064: Parsed first line: GET / HTTP/1.1
Jul 24 11:43:07 bigip1 info tmm1[10767]: Rule /Common/Rule_Test <CLIENTSSL_DATA>: 10.10.1.30:34064: Releasing payload

      KR,

      Dario.