Forum Discussion

Aditya_Mehra's avatar
Aditya_Mehra
Icon for Cirrus rankCirrus
Dec 12, 2017

serverssl-insecure-compatible for unsecure ports

Hi All,   Is there an issue if we use serverssl-insecure-compatible for unsecure ports? Have a VIP with serverssl, pool members on 9093 port. Changed to serverssl-insecure-compatible and it works....
application delivery
LTM
security
serverssl
ssl
Ashwin_Venkat's avatar
Ashwin_Venkat
Icon for Employee rankEmployee
Dec 14, 2017

Hello Aditya,

 

You should be able to use the 'serverssl-insecure-compatible' SSL profile for any of the services, regardless of whether it's a standard port or not. The difference between 'serverssl-insecure-compatible', 'serverssl' or any of the other default/base profiles we have is the settings within the profiles, particularly the cipher string. You can build custom profiles using 'serverssl-insecure-compatible' or 'serverssl' as the parent profile and have your own custom cipher string, certificate/key, client authentication (if applicable) settings etc as per your application/environment needs.

 

  • Aditya_Mehra's avatar
    Aditya_Mehra
    Icon for Cirrus rankCirrus
    Dec 15, 2017

    Thanks Ashwin,

     

    So serverssl can also be used if the pool members are not using the standard ports, if we have the relevant ciphers added?

     

    Thanks, Aditya

     

  • igorzhuk's avatar
    igorzhuk
    Icon for Altostratus rankAltostratus
    Jul 30, 2018

    Yes