For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

puru_73937's avatar
puru_73937
Icon for Nimbostratus rankNimbostratus
Oct 07, 2015

Need to configure Https VIP without ssl offloading in F5

i have configured the virtual server for https traffic but without ssl offloading in the F5. ssl offloading done on application server end. I have configured but is it not working showing page cannot...
Sajan_Network_3's avatar
Sajan_Network_3
Icon for Nimbostratus rankNimbostratus
Jul 12, 2017

@ Kevin Stewart

 

( The 443 traffic enters the VIP and is blindly load balanced to the 443 pool members. Your best (and really only) option for load balancing persistence is source address. )

 

Can't we use SSL persistence in this scenario ?

 

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Jul 12, 2017

    It's generally best practice to renegotiate SSL often, if for no other reason than to freshen the keys. Browsers and web servers will renegotiate periodically, making SSL persistence unusable. There are some very rare non-browser communications that don't renegotiate and can use SSL persistence, but again very rare.