Forum Discussion
SSL Full Proxy - SSL Re-Encryption performance degradation
- Dec 01, 2022
Hello LanceLyons , Kai_Wilke provided a full list what can cause you such issues and if this helped please mark his reply as a solution. Outside of that if you are using a hardware device maybe see if hardware ssl ciphers are used for better performance as mentioned in https://support.f5.com/csp/article/K75983426 / https://support.f5.com/csp/article/K50459385 / https://support.f5.com/csp/article/K13213 and the /var/log/ltm if you are hitting some license limit for example.
Hi LanceLyons ,
No issues from F5 perspective as ( irules , loadbalancing and persistence shouldn’t be impacted ) because F5 interested in decrypting traffic that coming from client-side to deal with http payload decrypted.
> when you configure server ssl or ssl bridging you re-encrypt traffic again and directs it web servers encrypted , F5 hasn’t issues in this scenario , you need only to check the server itself , if it affords the process of decryption again as you know in " ssl offloading " you let F5 to be the only hop which performs decryption and offloads servers to do this exhausting task.
> usually I performs " SSL bridging (configure client and server ssl profiles )" with our customers , and we have not faced any issues regarding server ssl to re-encrypt traffic again.
Regards
- LanceLyonsNov 28, 2022Cirrus
Thanks Mohamed,
Have you all noticed any performance degradation to heavily used websites from an end user perspective with the decryption at f5 and reencrypt at f5?- Nov 28, 2022
LanceLyons ,
No , I performs ssl bridging for high traffic virtual servers , these virtual servers serves public services over internet for ISPs and there is no issues regarding it server-ssl or re-encrypting traffic towards web-servers.
> I always offer them not to do this to lighweight the headache on webservers.
> to be sure , cofigure it and monitor your CPU periodically.
Regards
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com