Forum Discussion
CirrusSSL issues with new setup
MVPirbk So I think we need to sort a few configuration options first.
1. SSL Termination on F5
F5 terminations SSL using the SSL Client profile and then passes decrypted HTTPS traffic to the server on an alternate port such as 80 or 8080 so that you or the application can tell the difference between traffic that was HTTP traffic and which was HTTPS. So 443(F5) -> 8080(Pool member)
2. SSL Bridging
F5 terminates SSL using the SSL Client profile, performs varios tasks now that the traffic is decrypted, then finally uses the SSL Server profile to encrypt traffic and pass it back to the pool member on 443 or an alternate port such as 8443.
3. SSL Passthrough
F5 performs zero SSL tasks and passes the traffic directly to the server to decrypt and encrypt
If you are having an SSL issue it could be directly related to the server not being configured to receive that decrypted traffic since you are only using an SSL client profile or possibly an SSL cert on the server that is rejecting the requests.
CirrusEnd goal is clients will be using a client side application (not a webpage) to go to the F5, the F5 redirects them to the server, client talks with the server.
How that client side application works is a little bit more tricky. As far as I can tell, it starts out communicating on 80 and then flips to a different port using TLSv1.2. The server is expecting it's traffic encrypted so SSL Passthrough or SSL Bridging is my only option and between the two, I guess the SSL Bridging is better because the F5 gets better visability to the traffic.
