Forum Discussion
shaggy
Nimbostratus
still looks like mirroring of terminated ssl is not supported in 11.6: https://support.f5.com/kb/en-us/solutions/public/7000/200/sol7216.html
R_Marc
Oct 31, 2014Nimbostratus
According to this, it should be now, unless I'm reading it wrong:
https://devcentral.f5.com/articles/the-top-ten-hardcore-f5-security-features-in-big-ip-116
Number 3: SSL Session Mirroring
Full SSL handshakes are computationally expensive. This is one of the reasons that enterprises use F5’s LTM as SSL decryption mechanisms. Suppose you are lucky enough to have a site with a lot of SSL traffic. What if something happens and your primary ADC stops receiving traffic and the secondary has to pick up all those active connections? You want the secondary to perform cheap resumption handshakes (based off a shared session ID cache) with all the clients instead of full handshakes.
mirroring
You can now share SSL session ID caches across traffic groups so that failovers won’t cause massive spikes in full SSL handshakes.