Forum Discussion

cxcal_18687's avatar
cxcal_18687
Icon for Nimbostratus rankNimbostratus
Feb 04, 2011

HELP: SSL 128 cipher failures

Running 10.1.0     VIP was originally setup to use server pool and a HTTP::redirect to https     That works fine with IE 8 and Firefox.     Discovered clients running IE 7 (with 128 ...
config
design
hooleylist's avatar
hooleylist
Icon for Cirrostratus rankCirrostratus
Feb 07, 2011
FTP over SSH or over SSL? LTM cannot offload the encryption for SSH, so you'd just create a virtual server on port 22 and point that at a pool of servers on whichever port(s) the SSH daemon listens on. You could use a Performance L4 virtual server for this.

 

 

For FTPS, it is possible to have LTM decrypt the SSL. I tested this but found that the solution was very dependent on the FTPS client and FTP server types. I'm not sure it's a production-ready solution. The article on this is:

 

 

FTPS Offload via iRules

 

http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/340/FTPS-Offload-via-iRules.aspx

 

 

There is a CR noting the request to support FTPS offloading, CR47551. You could contact F5 Support to find out if it has been/is planned to be supported at some point. You can ask them to attach your case to the CR to raise the visibility of the request.

 

 

Aaron