jquinones82_469
Nov 07, 2013

How to Configure VS Listening on Port 443 with pool members listening on 443

I normally do SSL offloading where the VIP is listening on 443, but the pool member is on port 80. Everything works well. Now, I need to do 443 on both ends. What is the correct way to create the SSL Server profile to enable traffic to flow? At the current moment, I'm getting funny characters in IE, or in Chrome, nothing passes through.

 

I have never done this type of request and I'm looking for some help.

 

2 Replies

  • In many cases, all you need is a generic server SSL profile applied to the VIP and a pool that passes the traffic to servers listening on port 443 SSL. Anything other than the default settings in the server SSL profile will be dependent on any SSL/cipher requirements imposed by the server. If you're using an older web server (IIS 6 or older Apache), you may need to set the Secure Renegotiation setting to "Request". If that's the case, you'll also see Secure Renegotiation error messages in the LTM log (/var/log/ltm).

     

  • Thanks for the info.

     

    serverssl-insecure-compatible

     

    which uses the following ciphers: !SSLv2:!EXPORT:!DH:RSA+RC4:RSA+AES:RSA+DES:RSA+3DES:@SPEED

     

    I will look into your advice. I appreciate it.
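
The setup described in the first reply, written out as tmsh commands. This is an added example, not part of the original thread and not F5's own configuration. The object names (pool_app_443, serverssl_app, vs_app_443) and the documentation-range addresses are assumptions, as is keeping the stock clientssl profile from the existing offload setup on the client side.

```tmsh
# Added example: names and addresses are placeholders, not from the thread.

# Pool whose members listen on 443; the built-in https monitor checks them over TLS.
create ltm pool pool_app_443 members add { 192.0.2.11:443 192.0.2.12:443 } monitor https

# Server SSL profile that inherits the default "serverssl" settings.
# Change ciphers or other options only if the backend server requires it.
create ltm profile server-ssl serverssl_app defaults-from serverssl

# Virtual server on 443: clientssl decrypts traffic from the browser,
# serverssl_app re-encrypts it toward the pool members.
create ltm virtual vs_app_443 destination 203.0.113.10:443 ip-protocol tcp pool pool_app_443 profiles add { tcp { } http { } clientssl { context clientside } serverssl_app { context serverside } }

# Confirm that both SSL profiles are attached with the expected context.
list ltm virtual vs_app_443 profiles

# Only if /var/log/ltm shows Secure Renegotiation errors for an older backend
# (from the bash prompt: grep -i renegotiat /var/log/ltm), relax the setting
# on this one profile rather than on the default profile:
modify ltm profile server-ssl serverssl_app secure-renegotiation request
```

Scoping the renegotiation change to a dedicated profile keeps the default serverssl profile untouched for every other virtual server that uses it.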