Forum Discussion
Andre_Lofton_14
Nimbostratus
NimbostratusHow to configure SSL Pass-through
Currently I have a standard VIP setup using a SSL client profile and SSL server profile. How do I configure it for pass-through?
Brad_Parker_139
Nacreous
NacreousIf you want to still be able to use an HTTP profile you will have to select the Proxy SSL option in both of your profiles. That will also require your pool members to support all the ciphers you make available in the client SSL profile and you will need to disable Diffie-Hellman ciphers. https://support.f5.com/kb/en-us/solutions/public/13000/300/sol13385.html
If you don't need to use an HTTP profile you can just remove both of your client and server SSL profiles.
R_Marc_77962Nimbostratus
NimbostratusPersistence can be done on SSL session ID as well. Not quite as good, in general, as cookie insert but better than source IP. If you are proxying http traffic, however, you have more options available to you with an http profile. If it's TCP over SSL of a non-HTTP variety, obviously don't. Also, IMNSHO, always create a custom profile, for every VIP and every profile type (same for persistence). I've seen too many clients break because of an innocuous change to one of the default profiles (also it's very cheap to say "create ltm profile my-new-profile- { } ")
