Forum Discussion
jerm1020_254086
Nimbostratus
Nimbostratuscookie encyption passphrase
I realize this is a pretty basic question so don't skewer me. I want to enable cookie encryption which seems like a very painless process, but I'm just curious as to what the cookie encryption passphrase is used for? is this going to be needed to be given out to users? whats the use and when is it utilized? further configuration needed on other devices for it? any and all help is always appreciated.
Anthony_Pineda_Hi jerm1020. I'm not a crypto expert but let me take a stab at this. The passphrase may be used by the F5 AES process to do a mathematical computation like XOR to come up with the encrypted value for your cookie. You don't give this out to user because it is used by F5 appliance. There is no other configuration on other devices as far as I'm concerned.
ekaleidoCirrus
Yeah. It's just the key used to encrypt the cookie. Otherwise the cookie will contain data related to your virtual server's name and the IP(s) of the pool member(s).
- Anthony_Pineda
Hi jerm1020. I'm not a crypto expert but let me take a stab at this. The passphrase may be used by the F5 AES process to do a mathematical computation like XOR to come up with the encrypted value for your cookie. You don't give this out to user because it is used by F5 appliance. There is no other configuration on other devices as far as I'm concerned.
- ekaleido
Yeah. It's just the key used to encrypt the cookie. Otherwise the cookie will contain data related to your virtual server's name and the IP(s) of the pool member(s).
