Encrypt Cookies

Question

Hi,&nbsp;
&nbsp;An application penetration test has found our cookies are sent in plain text. The project manager is now wanting to terminate the SSL certificates on the servers. He thinks that because there are no certificates on the web servers it isn't possible to create secure cookies so the only option available is to move the certificates from the F5 to the web servers.&nbsp;
&nbsp;I've had a quick look at the guide and there is an option under the http profile to encrypt cookies. Do I just enable this and create a passphrase, job done? Do I need to be ware of anything when doing this?&nbsp;
&nbsp;Many Thanks
&nbsp;Darren

nathan_houck_65 · Answer

nope.  simple cookie encryption and job is done. :) 
&nbsp;  
&nbsp; Here is more information on this: 
&nbsp; https://support.f5.com/kb/en-us/solutions/public/7000/700/sol7784.html?sr=13759221

Forum Discussion

Encrypt Cookies

1 Reply

Recent Discussions

Claritox Pro Reviews (NEw Updated Customer Warning Alert!) EXPosed Ingredients ^&@pro$49

CelluCare Reviews (NEw Updated Customer Warning Alert!) EXPosed Ingredients ^&@pro$49

CITRIX remote desktop solution using F5 APM

BIG-IP rseries license

F5 iRule to route traffic based on AS2 headers doesnt work

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Let's Encrypt

Encrypting Cookies

Cookie Encryption

Automate Let's Encrypt Certificates on BIG-IP