Forum Discussion

nov1ce_120072

Nimbostratus

Feb 26, 2013

SSL offloading

Hello, I'm trying to test SSL offloading on F5 LTM VE (10.1.0 / 3341.1084). My setup is pretty straight-forward -- one pool member running IIS 6 on 80/tcp with VS in the same network (I can...

config

design

nitass

Employee

Feb 26, 2013

i do see ie session using TLS_RSA_WITH_AES_128_CBC_SHA cipher but ff/chrome using TLS_RSA_WITH_AES_256_CBC_SHA. additionally, it seems tls v1.1 is enabled in chrome (as we see it tried tls v1.1 (Version 3.2) first in client hello message.

anyway, i am not sure if this is relevant but if you want to try, we may force TLS_RSA_WITH_AES_128_CBC_SHA cipher and disable tls v1.1 in chrome and see whether it makes any change.

e.g.

[root@ve10:Active] config  b profile myclientssl list
profile clientssl myclientssl {
   defaults from clientssl
   ciphers "AES128-SHA"
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSL offloading

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

SSL Offloading and Backend pool https

SSL Offload with HTTP/2.0

F5 SSL Offload behind Nginx Reverse Proxy

SSL Offloading for specific IPs or range of IPs

F5 Synthesis: Hybrid SSL Offload

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS