cancel
Showing results for 
Search instead for 
Did you mean: 

Client Side SSL Encryption while response from F5

Allwin
Nimbostratus
Nimbostratus

Hi,

 

I have a query, wherein, i have a application hosted behind my F5. I have configured client SSL profile so as to offload the certificate and send the traffic unencrypted to the backend server.

 

Now the server responds in unencrypted http, but will the client also receive the response traffic unencrypted or encrypted.

 

As i'm seeing unencrypted response back to the client. So is it correct? or something needs to be rectified on the F5 side?

 

 

1 ACCEPTED SOLUTION

Hi,

 

I think, application is redirecting it to http again. Can you please confirm below points ?

 

  1. Do you have F5 VS running on port 80 with same IP which is used for https VS?
  2. And you have mapped same pool/irule to above VS.

 

If above points are true in your case, you should remove pool/irule from port 80 VS and add F5 provided http-to-https iRule to it. So F5 will again redirect that request to https.

 

View solution in original post

6 REPLIES 6

 ,

 

As you are using Client-SSL profile on the Virtual Server but no Server-SSL profile, it means the session between Client and F5 is always encrypted whereas session between F5 and backend server is plain text/unencrypted. So in any case, to & fro traffic between client and F5 will be encrypted.

Hi Mayur

but the client is receiving response in http instead of https.

is this the way that it should be working or is there anything missing on the F5 config?

 

Hi,

 

I think, application is redirecting it to http again. Can you please confirm below points ?

 

  1. Do you have F5 VS running on port 80 with same IP which is used for https VS?
  2. And you have mapped same pool/irule to above VS.

 

If above points are true in your case, you should remove pool/irule from port 80 VS and add F5 provided http-to-https iRule to it. So F5 will again redirect that request to https.

 

Hi Mayur,

 

Yes, to both of your questions.

 

So removing the pool from VS_80 and adding the iRule to the VS_443 will ensure that the traffic is received as HTTPS only by the client correct?

 

 

 

 

Yes, client will receive it as HTTPS. Although request will go to http first as application is redirecting it but it will get automatically redirected to HTTPS by F5 iRule. So F5 HTTP VS will be used only for redirection purpose and all data traffic will be handle by HTTPS VS.

 

This configuration will also redirect client request to HTTPS if someone tries to access it using HTTP.

 

Thanks Mayur