F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Techgeeeg_28888's avatar
Techgeeeg_28888
Icon for Nimbostratus rankNimbostratus
Dec 09, 2013

SSL Offloading

Hi Everyone, I have a small question I have a web server with SSL termination on it. Now when I try to create the VS on LTM on port 443 it dosent work, I want to forward the connection from VS to the...
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Dec 10, 2013

You can do it one of two ways:

 

  1. You can simply pass the 443 SSL traffic through the box - remove an client or server SSL profiles, set the VIP to listen on port 443, send to a pool of servers listening on port 443, and remove any layer 7 profiles from the VIP (ie. HTTP).

     

  2. You can terminate and re-encrypt the SSL on the LTM. This will require a client AND server SSL profile. The great things about this options are 1) you can see inside the payload and make decisions, like persistence and request routing, and 2) you'll generally get much higher throughput if you let hardware offload the SSL. Granted that's mostly negated when you re-encrypt, but then there's a good argument for not re-encrypting, or at least re-encrypting at a lower cipher strength.