Forum Discussion
Rajeev
Nimbostratus
NimbostratusCan we have ssl offloading without having HTTP profile on virtual server
Can we have ssl offloading without having HTTP profile on virtual server?
Dario_Garrido
Noctilucent
NoctilucentYes, it's possible.
Actually TLS encryption is made on session layer which is lower than application layer (HTTP).
KR,
Dario.
Dario_GarridoNoctilucent
NoctilucentBTW, remember to use SSL::payload instead of TCP::payload
REF - https://clouddocs.f5.com/api/irules/SSL__payload.html
This is the output ->
Jul 24 11:43:07 bigip1 info tmm1[10767]: Rule /Common/Rule_Test <CLIENTSSL_HANDSHAKE>: 10.10.1.30:34064: SSL handshake completed, collecting SSL payload
Jul 24 11:43:07 bigip1 info tmm1[10767]: Rule /Common/Rule_Test <CLIENTSSL_DATA>: 10.10.1.30:34064: Collected bytes 289
Jul 24 11:43:07 bigip1 info tmm1[10767]: Rule /Common/Rule_Test <CLIENTSSL_DATA>: 10.10.1.30:34064: Decrypted payload ([SSL::payload]): GET / HTTP/1.1 Host: 10.10.1.100 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive
Jul 24 11:43:07 bigip1 info tmm1[10767]: Rule /Common/Rule_Test <CLIENTSSL_DATA>: 10.10.1.30:34064: Parsed first line: GET / HTTP/1.1
Jul 24 11:43:07 bigip1 info tmm1[10767]: Rule /Common/Rule_Test <CLIENTSSL_DATA>: 10.10.1.30:34064: Releasing payloadKR,
Dario.
