Forum Discussion
Deb_Allen_18
Mar 17, 2006 | Historic F5 Account
decrypting server cookie
Can LTM decrypt a server's cookie (3DES w/private key exchange)?
Login server sets an encrypted cookie containing info that we'd like to reference in a rule.
thanks
/deb
Deb_Allen_18
Mar 18, 2006 | Historic F5 Account
Ok, thanks.
Got it on the preamble for the AES key.
Thanks for the assist. It's a pre-sales eval conditional on LTM acting on info present in the server-set cookie.
My recommendation is going to be that they send an unencrypted cookie value, and let us encrypt/decrypt it. But it would be nice to have options if they can't/won't.
So could you elaborate on grabbing the key with another rule? Very interesting idea. Something like this maybe?
1) Create a VS to be accessed only by the backend server whose key we want.
2) Create a script on the backend server to periodically connect to the virtual server and send a packet containing the key value.
3) Create a rule that will extract the key value from that connection, and populate a global variable making the key value visible to all rules (also to accept connections only from that one server's IP)
I think we'd need a better 2, though, to ensure that the key value is always available to the rule requiring it. I could see that the VS requiring the decryption key could get a request before the server connects to provide the key. And don't some events like b load re-init global variables?
Thanks again, and no rush on an answer for this part.
/deb
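The three-step idea in the post above, sketched as an added example that is not part of the original thread or F5's own code: one iRule takes the key in on a dedicated virtual server, and a second refuses to act on the cookie until a key is present. The variable `::cookie_key`, the cookie name `authinfo`, the address `10.0.0.10` and the 32-hex-character key format are all assumptions made for illustration.

```tcl
# Added example. Assumed names: ::cookie_key, cookie "authinfo",
# backend address 10.0.0.10. The two rules are shown together here but
# would be separate iRules, each attached to its own virtual server.

# --- Rule 1: key-intake virtual server (steps 1 and 3) ---
when CLIENT_ACCEPTED {
    # Accept the key only from the one backend server.
    if { ![IP::addr [IP::client_addr] equals 10.0.0.10] } {
        log local0. "key intake: rejected [IP::client_addr]"
        reject
        return
    }
    TCP::collect
}
when CLIENT_DATA {
    set candidate [string trim [TCP::payload]]
    # Store only a well-formed value so a truncated or empty send
    # cannot overwrite a good key. Format assumed: 32 hex characters.
    if { [regexp {^[0-9A-Fa-f]{32}$} $candidate] } {
        set ::cookie_key $candidate
        log local0. "key intake: key updated"   ;# never log the key itself
    } else {
        log local0. "key intake: malformed payload ignored"
    }
    TCP::close
}

# --- Rule 2: application virtual server that needs the key ---
when HTTP_REQUEST {
    # The key may not have been delivered yet, or the global may have
    # been cleared: fail closed instead of acting on an unread cookie.
    if { ![info exists ::cookie_key] } {
        HTTP::respond 503 content "Service temporarily unavailable"
        return
    }
    if { [HTTP::cookie exists "authinfo"] } {
        set enc [HTTP::cookie value "authinfo"]
        # Decrypt $enc with $::cookie_key here, then act on the result.
    }
}
```

The intake connection carries the key in clear text, so it belongs on an isolated VLAN or behind a client SSL profile on that virtual server.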
