Forum Discussion

ingard's avatar
ingard
Icon for Nimbostratus rankNimbostratus
Sep 18, 2014

Why am I seeing so many "Partial" SSL Hardware Accelerated transactions?

My ssl profile uses ciphers "default" show /ltm profile client-ssl myprofile gives this: (i've just recently reset the stats)   SSL Hardware Acceleration Full ...
application delivery
hardware
LTM
performance
profile
ssl
John_Heyer_1508's avatar
John_Heyer_1508
Icon for Cirrostratus rankCirrostratus
Dec 12, 2014

I got two possible answers back from F5 support. They first said you'd see a Partial when the SSL handshake is done in hardware, but the data connection is not. For example if using RSA+3DES+MD5.

 

I pointed out that we manually limit our ciphers to those with Native, and the Connections table confirms that 100% of all connections have been Native. They offered this alternate explanation:

 

The connections listed as "Partial" are very likely the resumed SSL sessions, in which the bulk cryptography is hardware-accelerated but the handshake for the resumed session is handled in software.

 

I suppose I could disable SSL session resumption to confirm this, but probably will not worry about it. We use the F5 for large file transfers, so are actually more concerned about the data connection than the handshake.