For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Krishna_251070's avatar
Krishna_251070
Icon for Nimbostratus rankNimbostratus
Nov 19, 2017

HTTPS not working with standard Virtual Server

Hello,

 

I have a standard VS configured to work for HTTPS. There is no client/server SSL profile configured in the VS. But for some reason its not working. But if I change the VS to 'Performance(Layer 4)', it will work. I am wondering why this is so?

 

Here is my config:

 

 

Any help would be appreciated!

 

application delivery
BIG-IP

2 Replies

  • Simon_Blakely's avatar
    Simon_Blakely
    Icon for Employee rankEmployee
    Nov 19, 2017

    You may be having fragmentation or MTU issues.

     

    A FastL4 virtual passes traffic without proxying, so packets on the server-side have the same TCP options as the client side packets.

     

    A Standard virtual establishes a full connection on the client-side, and the server-side TCP options may be different to the client-side options. This may cause problems with packet fragmentation and reassembly that can interfere with SSL negotiation. You would need to collect a packet capture to be certain about what is happening.

     

    I'd generally recommend FastL4 virtuals for SSL passthrough, as opposed to Standard virtuals, for this reason.

     

  • eey0re's avatar
    eey0re
    Icon for Cirrostratus rankCirrostratus
    Nov 19, 2017

    You have an HTTP profile associated with your port 443 VS. If you are expecting TLS between the browser and the backend server to work, without Client and Server SSL profiles on the VS, then you need to remove the HTTP profile.