For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kunalPatel_3157's avatar
kunalPatel_3157
Icon for Cirrus rankCirrus
May 15, 2017

Configuring cookie encryption within the HTTP profile

K14784: Configuring cookie encryption within the HTTP profile (10.x - 12.x)   Followed this Not able to encrypt cookies any thoughts?   Running on 11.4  
LTM
security
Ashwin_Venkat's avatar
Ashwin_Venkat
Icon for Employee rankEmployee
Jun 24, 2017

Hello Kunal,

Can you confirm that you entered the Cookie Encryption Passphrase after entering the appropriate cookie name under 'Encrypt Cookies' option within the HTTP profile? Without the passphrase being in place, you won't see the cookies being encrypted.

If both these settings are in place, then can you return the output you see for the following command in your command line:

egrep '^ltm profile http|encrypt-cookie' bigip.conf

For example, this is what I see when I run this command in my lab unit that contains the passphrase as well as the cookie name "foo":

egrep '^ltm profile http|encrypt-cookie' bigip.conf

ltm profile http /Common/custom-http {
    encrypt-cookie-secret $M$2p$r+mlhEDU9JUdh7R6T80nDg==
    encrypt-cookies { foo }