Forum Discussion

Nimbostratus

8 years ago

Cookie insert troubles

I am trying to do cookie-insert persistence along with an iRule that sets the domain value for the cookie. Whenever I have all of the parts together on the virtual server (http profile, cookie persis...

application delivery

LTM

Chris_Grant

Employee

8 years ago

If you are adding a server-ssl-insecurecompatible profile then the back end should be encrypted, just with a weak cipher. In order to have plain text on the back end you would need to remove the serverssl profile entirely.

I will assume that you are changing to a 443 pool when you add the serverssl profile, in which case you likely need to upgrade the servers to support better ciphers.

To explain a bit more, the serverssl profile tells the BigIP to open a connection with the pool member and send a Client Hello. Without this, the BigIP will start with your chosen HTTP Method (normally GET). With a serverssl profile no HTTP data will be transferred until after the SSL connection has been established.

The insecurecompatible profile uses less secure ciphers than the regular profile, but otherwise behaves exactly the same. No HTTP data will be transferred until after the SSL connection has been established.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)