For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

nitass's avatar
nitass
Icon for Employee rankEmployee
Jun 02, 2015

Failed logon (VS x.x.x.x:443 w/ SSL Client Profile):

 

i might be lost but isn't post request same on both virtual servers? why one is success but the other one fails?

 

  • Gilles_Archer_3's avatar
    Gilles_Archer_3
    Icon for Nimbostratus rankNimbostratus
    Jun 02, 2015
    That is the conundrum that I find myself in. I can submit that POST to the VS in three different ways: VS x.x.x.x:443 (w/ Client SSL Profile) aka HTTPS://x.x.x.x/ VS x.x.x.x:443 (w/o Client SSL Profile) aka HTTP://x.x.x.x:443/ VS x.x.x.x:80 aka HTTP://x.x.x.x/ The last two work every time. The primary reason we decided to move forward with a VS was to provide a secure client connection - which the application vendor does not currently support directly.
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jun 02, 2015
    you may compare packet (tcpdump) on server-side (between bigip and server) between working and non-working one. server may not be happy with something when doing ssl offloading on bigip. if you can find it, we could be able to fix it. :-)