For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

GLM_191985's avatar
GLM_191985
Icon for Cirrus rankCirrus
Mar 01, 2019

SSL Offloading

So basically when SSL get offloaded , it is in a plain text and it has to be forward to any port which understand plain text so when it's again 443 on server. Does it understand traffic ??  
application delivery
LTM
Dylan_375544's avatar
Dylan_375544
Icon for Cirrocumulus rankCirrocumulus
Mar 01, 2019

When SSL is offloaded to the BIG-IP, the traffic must be sent to a port that is listening for and expecting NON encrypted traffic (port 80). If you send it to a back-end server that is expecting 443, or encrypted traffic, it will not understand it.

 

HERE is some good info on that topic!

 

Hope that helps! If it does please up-vote and select this answer, it'd be greatly appreciated!

 

-Dylan

 

Michael_Saleem1's avatar
Michael_Saleem1
Icon for Cirrus rankCirrus
Mar 01, 2019

SSL Termination Mode Description SSL Profiles

 

SSL Offload The SSL certificate is terminated on the virtual server only. The BIG-IP receives the encrypted traffic, decrypts it and forwards it plain text to the backend servers This reduces processing burden on the backend servers and therefore increases performance CLIENT-SSL PROFILE

 

SSL Bridging The SSL certificate is terminated on *BOTH* the virtual server and backend servers. This is referred to end-to-end encryption. The BIG-IP receives encrypted traffic, decrypts and re-encrypts it on the backend, forwarding it encrypted to the backend servers CLIENT-SSL PROFILE & SERVER-SSL PROFILE

 

SSL Pass Through The SSL certificate is terminated on the backend servers only. The BIG-IP simply forwards the SSL encrypted traffic to the backend servers NO SSL PROFILE