Forum Discussion
NimbostratusDifference between SSL::disable and SSL Profile
Hello Folks,
can someone explain me what's the difference between an SSL::disable serverside (in an iRule) and no selected SSL profile in the VS configuration.
I am wondering because the Server Connection (no SSL) is working only when I add the iRule with "SSL::disable serverside" command and default "serverssl" Profile in the VS. Without the "serverssl" Profile the connection isn't working anymore. Why do I need an SSL Profile in the VS configuration for an non SSL connection to the backend server?
Can someone explain me that?
Thanks a lot
3 Replies
amolariCirrostratus
Normally you don't configure server SSL profile(assigned to VS) if you do not want to SSL encrypt the communication between your LTM and the backend. The situation you describe is weird. Is server SSL somewhere else in your iRule enabled? Or in a LTM policy?
- Hannes_Rapp
For the use of iRules which are referencing to
orSSL::enable serverside
functions, the prerequisite is having a SSL serverside profile assigned to a virtual server.SSL::disable serverside1) Having a SSL serverside profile assigned to a virtual server (and using
function in an iRule): - You are instructing F5 to exceptionally avoid negotiating a SSL session with the backend server. Useful if you want most of your f5-to-backend-server communication to be SSL, but create a few non-SSL exceptions. 2) Not having a SSL serverside profile assigned to a virtual server: - F5 never negotiates a SSL session with a backend-server. You are unable to reference toSSL::disable serverside
andSSL::enable serverside
functions in an iRule. Useful if you want all of your F5-to-backend-server communication to be non-SSL.SSL::disable serverside 
reen_sc_140631No...I can't find any SSL parameters
when SERVER_CONNECTED { if { [LB::server pool] eq "/partition/pool_http_tcp50000" } { SSL::disable serverside } }
