Forum Discussion
vaesh_95620
Nimbostratus
NimbostratusSSL Persistence with clientSSL profile
Hello- I've read the various documentation that states that SSL persistence only works for non-terminated SSL sessions. However what I find confusing is that we do, in fact, in my enviro...
hooleylist
Cirrostratus
CirrostratusHi Vaesh,
That was true in 4.x, but in 9+, the following applies:
SOL3062: Using SSL (Session ID) persistence
http://support.f5.com/kb/en-us/solutions/public/3000/000/sol3062.html
You can use SSL persistence with the following configurations:
* With an SSL virtual server, when the nodes are configured with the SSL certificate.
* With a virtual server configured with a clientssl profile, when the BIG-IP system terminates SSL connections.
You cannot use SSL persistence with the following configurations:
* With a virtual server configured with a serverssl profile. If the BIG-IP is configured to terminate and re-encrypt SSL connections, a different SSL session ID is used for the node-side connection than is used for the client-side connection. As a result, you cannot use SSL session ID persistence in combination with re-encryption.
* With a virtual server configured for Client Authentication. For example, if the clientssl profile is configured to request a client ssl certificate for client authentication you cannot use SSL persistence.
Aaron