Forum Discussion
Brad_H_9706
Nimbostratus
NimbostratusServer SSL Profiles work with Virtual Edition?
I saw the release notes said that "Advanced SSL features" were not included in Virtual Edition, but there is no mention of what this includes.
I've got my Virtual Servers set up without a Server SSL profile and it works just fine. As soon as I try to switch the nodes over to 443 and set a server ssl profile, it just stalls. Tcpdump's show that both side of the negotiation happen, but then there isn't any data that flows.
Has anybody gotten this to work, or am I just doing something dumb?
- And what happens when you hit the servers directly with a browser on 443? Take out the LTM. Does the traffic look the exact same?
Brad_H_9706Well other than it working, it looks similar. I can't say it's exactly the same since it is another entirely new SSL session. There will be different session id's, random numbers, etc in the ssl negotiation.
Are you saying you were able to get this working on Virtual Edition?
VonneI have the same problem. It’s possible to load balancing SSL traffic without ssl profile. But if I configure sslprofile no data flow occur.
I can see that SSL 500 TPS are included with BIG-IP VE, so the use of ssl profiles should work without problems. Are there some extra procedures that must be performed for ssl termination?- Brad_H_9706Good to know it's not just me. I opened a support case on this just now. I'd really like to know if this is supposed to work or if it's just a bug in Virtual Edition.
- Brad_H_9706Just FYI - this does seem to fall into the category of things that don't work with Virtual Edition. This was confirmed with F5 Support.
Perry_71428Hi BradH
We have just hit the same issue. Did F5 Support indicate that this is a bug that they are going to fix or did they just say "Buy a real BIG-IP!!"?
It really messes us up, as it means we end up having to configure our test pools without Cookie Persistance and no SSL passthrough.
Cheers
Perry