Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

When HTTP URL hitting the Virtual server with client SSL profile on port no 500, Will it accept the traffic?

Go to solution
IRONMAN
Cirrostratus
Cirrostratus

‎17-Feb-2020 07:51

Hi ,

 

any one guide what exactly happens here, it is not working, but i need to know is it possiable to make it work for both HTTP and HTTPs for VIP with client SSL profile

 

URL:

 

https://testdomain:500/home.asp

 

 

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Rodrigo_Albuque
MVP
MVP

‎18-Feb-2020 01:28

A virtual server is an IP:port listener so it's perfectly possible to make it accept traffic in whatever port you want. If you configure your virtual server as IP:500, it will accept traffic. However, if you add a Client SSL profile to it, then BIG-IP expects to receive a Client Hello after TCP 3-way handshake completes. If it doesn't, BIG-IP rejects the connection. The only exception to this is if you explicitly enable allow-non-ssl setting on Client SSL profile. Then, it should allow any other kind of traffic go through. Hope it helps.

Rodrigo

 

View solution in original post

3 REPLIES 3

Go to solution
IRONMAN
Cirrostratus
Cirrostratus

‎18-Feb-2020 00:59

Thanks, But i Want to know if it on port 8080, what happens when traffic coming from HTTP , not using HTTPS? VIP applied with Client SSL profile!

0 Kudos

Go to solution
Rodrigo_Albuque
MVP
MVP

‎18-Feb-2020 01:28

A virtual server is an IP:port listener so it's perfectly possible to make it accept traffic in whatever port you want. If you configure your virtual server as IP:500, it will accept traffic. However, if you add a Client SSL profile to it, then BIG-IP expects to receive a Client Hello after TCP 3-way handshake completes. If it doesn't, BIG-IP rejects the connection. The only exception to this is if you explicitly enable allow-non-ssl setting on Client SSL profile. Then, it should allow any other kind of traffic go through. Hope it helps.

Rodrigo

 

Go to solution
IRONMAN
Cirrostratus
Cirrostratus
In response to Rodrigo_Albuque

‎18-Feb-2020 03:41

Thanks, So i can allow the non ssl traffic.

0 Kudos
Copyright © 2023 Khoros, LLC