why can't we use Performance L4 VS for SSL bridging .

Question

Why can't we use serverssl profile with Performance L4 Virtual server type ?What is the reason behind that  ?&nbsp;

yoann_le_corvi1 · Answer

Hi Sajan&nbsp;
SSL/TLS sits "on top" of TCP. And FastL4 vs takes care only of the connection part of TCP. Not layers above. That's why.&nbsp;
If you need more perf (and less control over L7 layer) you could use Performance HTTP.&nbsp;
Any precision required let us know...&nbsp;
Yoann&nbsp;

kai_wilke · Answer

Hi Sajan,&nbsp;
the reason for this is, that just the Standard Virtual Server is able to establish two independend TCP sessions (client / server side) to negotiate the SSL/TLS channels on each of the sides correctly. A Performance L4 Virtual uses just one TCP session in pass-through mode...&nbsp;
K12015: Configuration requirements for SSL virtual servers, profiles, pools, and monitors&nbsp;
https://support.f5.com/csp/article/K12015&nbsp;
K8082: Overview of TCP connection setup for BIG-IP LTM virtual server types&nbsp;
https://support.f5.com/csp/article/K8082&nbsp;
Cheers, Kai&nbsp;

Forum Discussion

why can't we use Performance L4 VS for SSL bridging .

Recent Discussions

Service discovery is not happening in AS3

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

FTP PASV mode to Extended Passive mode

Oracle JDBC SSL Termination failing on F5

APM for banner and cert

Related Content

SSL Bridging verification

F5 Distributed Cloud JA4 detection for enhanced performance and detection

Integrating SSL Orchestrator with CheckPoint Firewall VM-Bridge Mode (L2)

Leaks & breaches, memory-safe C++, cryptominers and bridging the air-gap

Understanding Performance Metrics and Network Traffic

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS