Forum Discussion
dianasy_22580
Nimbostratus
NimbostratusSSL all the way thru webserver and websphere
Hello All,
I have been recently researching about security and how to implement it correctly in our environmnent. Here is the scenario,
browser connect thru https -----> ...
What_Lies_Bene1
Cirrostratus
CirrostratusDee,
1) Probably, that depends on your security policy and the data of course. Yes, anyone can sniff/packet capture the data. Yes, same for Apache to Websphere.
2) There may be a performance hit on the servers (the F5 won't break a sweat) but you'll only be able to judge this by testing I would have thought.
3) LiveHTTPHeaders is displaying the data once the browser has unencrypted it (as with all the relevant HTTP content). To confirm it is encrypted (which I'm sure it is) run Wireshark on the PC and capture traffic to the F5; it'll be clear it's encrypted.
