Forum Discussion
ssl (https) compression
I can't seem to post a forum to the "performance testings" as I've already joined the group, so I thought I post it on here.
Does anyone know if ssl compression can be done on the f5? I don't seen any options in the services profiles to do this.
I only http compression available.
Regards,
TRX
- When you say "SSL compression" do you mean compressing HTTP contents that are SSL encrypted? If so, then yes you can do that, provided you terminate the SSL on the BIG-IP.
Colin 
hooleylistCirrostratus
I hadn't heard about SSL compression before, but this Chrome dev's blog has some info:
http://www.belshe.com/2010/11/18/ssl-compression-and-you/
Here's an RFC for it as well:
http://tools.ietf.org/html/rfc3943
It looks like Chrome is the only browser that supports compression of SSL. I'm not sure there is much benefit to it though.
I don't think LTM supports SSL compression. If you see a good use case for it, you could open a case with F5 Support to request it be considered for addition to the product.
Aaron- By the sounds of that post, though, HTTP level compression would be preferred. Wouldn't it be better just to enable compression on the LTM rather than attempting to implement SSL compression?
I suppose there are always corner cases, but I'm curious what the reasoning for using this particular form of compression is. :)
Colin - hooleylistIf you're decrypting the SSL you could use HTTP compression for this as Colin suggested.
Aaron - So are you saying if I enable http compression on the f5 using services profile, that would work for http and https? If yes, how would I confirm that is working?
Regards,
TRX - hooleylistYes. You can check the response Content-Encoding header value for gzip or deflate:
http://en.wikipedia.org/wiki/HTTP_compression
Aaron - Yes I'm aware of that in the response header already. Do you know of any other way?
Regards,
TRX - I'm NOT sure how the http compression on the f5 would come into play if the traffic is on ssl the entire time. Would I just apply same profile on the SSL Virtual Server?
Sounds too simple. :)
Regards,
TRX - hooleylistNo, you'd need to decrypt the SSL on LTM if you want LTM to do HTTP compression. If that's not an option, then you could do it on the servers. If that's not feasible, then don't do compression at all.
Considering the support for SSL compression is limited to Chrome, I wouldn't bother considering it (even if it did perform well which it doesn't seem to).
Aaron - When you say "decrypt on the LTM", do you mean using IRules or the profile configuration of the HTTPS VS or HTTP VS?
Just want to clarify.
Thanks.
Regards,
TRX
