Forum Discussion
mbkosiba_310067
Nimbostratus
NimbostratusCookie insert troubles
I am trying to do cookie-insert persistence along with an iRule that sets the domain value for the cookie. Whenever I have all of the parts together on the virtual server (http profile, cookie persis...
Chris_Grant
Employee
EmployeeIf you are adding a server-ssl-insecurecompatible profile then the back end should be encrypted, just with a weak cipher. In order to have plain text on the back end you would need to remove the serverssl profile entirely.
I will assume that you are changing to a 443 pool when you add the serverssl profile, in which case you likely need to upgrade the servers to support better ciphers.
To explain a bit more, the serverssl profile tells the BigIP to open a connection with the pool member and send a Client Hello. Without this, the BigIP will start with your chosen HTTP Method (normally GET). With a serverssl profile no HTTP data will be transferred until after the SSL connection has been established.
The insecurecompatible profile uses less secure ciphers than the regular profile, but otherwise behaves exactly the same. No HTTP data will be transferred until after the SSL connection has been established.