Forum Discussion
NimbostratusTCP to SSL Converstion
We have a requirement to allow a simple TCP client to connect to a Server that only supports SSL connections. Our client does not support the SSL protocol, but the target server only allows application traffic within a SSL session. I would like to leverage the our F5 LTM-2000 11.3.1 to Convert TCP to SSL, or encrypt data received within a TCP socket for forwarding towards an SSL host. I'm assuming an iRule will help here?
3 Replies
tatmotivCirrostratus
Is this application using http? If so, you do not need an iRule, just setup the virtual on the bigIP as standard virtual server on port 80 and attach an http and serverssl (no clientssl!) profile to it. That should do the job.
If you are using some other TCP-based protocol (non-http), you could try the same (omit the http profile then), but I think it will depend on the protocol whether it will work or not. I wouldn't bet on it in any case.
Good luck.
- Kevin_Stewart
Employee
It's also worth pointing out that TCP and SSL work at separate layers of the OSI and are more or less independent of one another. In other words, you can't replace TCP with SSL. TCP is a transport protocol and can only really be replaced by UDP. SSL sits between TCP/UDP (layer 4) and any application protocol (layer 7), so in many cases it's just a matter of adding SSL (or not adding it). So as tatmotiv stated, assuming the same application layer protocol on either end, it'll likely be as simple as adding an SSL profile to the virtual server.
- Kevin_Stewart
Well technically just one profile on the VIP. A client SSL profile handles SSL on the client side (client to F5), while a server SSL profile handles SSL on the server side (F5 to backend server). So technically you only need the server SSL profile attached to the VIP to do HTTP on the client side and HTTPS on the server side.
