Forum Discussion
When does one make a call if SSL Offloading needs to be done or not?
I think the biggest reason you would want to offload SSL for the site is if you need to do anything to the traffic as it goes through. Unless you offload SSL, you wouldn't be able to process the traffic or manipulate it in any way (e.g. within an iRule or Local Traffic Policy).
If you're currently offloading the SSL on the web server(s), then the resource load for decryption is on the servers themselves, and you must maintain the certificates and private keys on both of those servers. If you offload the SSL on the F5, then you can keep the certificate on there and let it do all the decryption processing for SSL. Of course, the other thing would be that if you still wanted HTTP between the LTM and web servers, you could set that up as well to ensure end to end encryption, but if it's not a security concern, then you could just offload the SSL at the F5 and go HTTP to the backend.
So personally, I think the 2 main questions are whether you want the intercept the traffic at all and if you would rather the F5 do the heavy lifting for SSL decryption.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com