Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

AS3 TLS_Client VS TLS_Server Schema confusion

BrentKingston
Altostratus
Altostratus

I'm pretty new to AS3 and I'm looking at converting my existing configuration to use AS3 declarations.

I have several HTTPS virtual servers that use SSL Profile (client). 

I am following https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/declarations/tls-encryption... as an example to generate a VSS, a client SSL profile, and a server SSL profile.

I am kind of confused because when I run this config, the TLS_Client Schema is writing things to the SSL Server section and the TLS_Server is writing things to the SSL Client section.

Is this how it is supposed to work? Shouldn't the TLS_Client write to the SSL Profile (Client) and TLS_Server write to the SSL Profile (Server)?

BrentKingston_0-1681502094872.png

 

1 ACCEPTED SOLUTION

BrentKingston
Altostratus
Altostratus

Never mind!

I just found the reason in the FAQ

I used a TLS_Server object in my BIG-IP AS3 declaration, why did it create a Client SSL profile on the BIG-IP?

The BIG-IP AS3 naming convention for TLS Server and TLS Client differs from traditional BIG-IP terminology to better comply with industry usage, but may be slightly confusing for long-time BIG-IP users. The BIG-IP AS3 TLS_Server class is for connections arriving to the BIG-IP, which creates a “client SSL profile” object on the BIG-IP. The BIG-IP AS3 TLS_Client class if for connections leaving the BIG-IP, which creates a “server SSL profile” on the BIG-IP. See TLS_Server and TLS_Client in the Schema Reference for more information.

View solution in original post

1 REPLY 1

BrentKingston
Altostratus
Altostratus

Never mind!

I just found the reason in the FAQ

I used a TLS_Server object in my BIG-IP AS3 declaration, why did it create a Client SSL profile on the BIG-IP?

The BIG-IP AS3 naming convention for TLS Server and TLS Client differs from traditional BIG-IP terminology to better comply with industry usage, but may be slightly confusing for long-time BIG-IP users. The BIG-IP AS3 TLS_Server class is for connections arriving to the BIG-IP, which creates a “client SSL profile” object on the BIG-IP. The BIG-IP AS3 TLS_Client class if for connections leaving the BIG-IP, which creates a “server SSL profile” on the BIG-IP. See TLS_Server and TLS_Client in the Schema Reference for more information.