Forum Discussion

Nimbostratus

Sep 26, 2018

HTTP or HTTPs on backend servers if SSL Offloading is used

Hi All, Please consider below line diagram as per my setup. Client ===HTTPS===LTM===HTTP===Web SERVERs or DB servers The server team can enable either HTTP or HTTPs on the backend serv...

application delivery

LTM

Kevin_Stewart

Employee

Sep 26, 2018

I would probably argue that, with respect to increased security concerns and the "zero trust" movement, that a better practice would be to re-encrypt to the servers. You of course don't get the full performance benefit of SSL offload, but there's nothing that says you can't use 1K RSA keys on the inside to the servers, and 2K keys and/or ECC to the clients.

If you did re-encrypt to the Tomcat servers, it literally doesn't matter what certificates you apply to the servers, as the F5 will by default ignore server side certificate validation.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

HTTP or HTTPs on backend servers if SSL Offloading is used

SSO Login Update Coming to DevCentral

Kevin - June 2026 Featured F5er

Tyler - May 2026 Featured Member

Recent Discussions

ASM attack signatures not syncing between active and standby F5

Hardware BIG-IP appliance reach EOSS, but the software version running on it not yet?

VPN Communication Error with F5 BIG-IP Edge Client

simultaneous disabling / enabling of all LTM objects

Query on source IP preservation for syslog traffic through F5 virtual server

Related Content

SSL Offloading and Backend pool https

DNS load balancing to backend servers using GTM/LTM.

FTPS Offload via iRules

Backend server IP not visible in TCP dump

What is server offload and why do I need it?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS