Forum Discussion

JoshBecigneul's avatar
Mar 26, 2024

Portal Access to HTTPS resources slow

Hey all,

Wanted to reach out to see if anyone has dealt with Portal Access and performance issues for resources in the backend that use HTTPS. I'm on version 15.x, recently upgraded to v15.1.10.3, and the issue persists. I also have the iRule to patch issues with Chrome 122+.

On the client-side, only HTTPS is permitted. If the backend app is allowed to use HTTP then it works well. But having backend traffic use HTTPS in some instances makes the app nearly unusable. And in the cases where the backend tries to enforce a http-to-https redirect effectively "blocks" the access.

Trying to change a number of options has yielded little results. I do have a case open with F5 and captures provided.

Thanks in advance...

Josh Becigneul

4 Replies

  • Hi, Did you figure it out for this issue? Was it related to full patching settings vs minimal patching or something else? Alternatively, if applications are web based, then can be configured as application tunnel with Chrome or any other browser. 

  • please ensure that oneconnect profile is enabled on the http profile assigned to the vs, so that bigip can use 1 server side tcp connection for multiple client sessions.
    as 1 tcp session equals to 1 tls/ssl session, hence reducing number of server side tcp session will also reduce the number of server side tls session.

    you might also need to reduce tls cipher set strength of the server "side" ssl profile to reduce server processing load, e.g:

    • only use aes 128 bit and disable aes aes 256 or higher
    • disable ecdhe / dhe , hence it will only use rsa/dsa


    additionally, ensure that server uses hardware accelerated aes (intel/amd aes-ni).


  • You might want to try bypassing the clientside of the BIG-IP --> Portal Resource HTTPS connection's certificate verification by setting the serverssl profile to "ignore" the server's certificate, here:



  • Aside from the other great suggestions, I recommend planning a major code upgrade.  Minimum 16.1.x if you can't get to v17.1.x.  v15.1 code train goes End of Software Development at the end of 2024.

    K5903: BIG-IP software support policy