Oracle JDBC SSL Termination failing on F5
We have created a new f5 VIP to terminate SSL and redirect the traffic to backend Oracle Database and the client is java application. We have configured the certificate using *.pfx file in f5 VIP, the same is used at client side to configure jks file to access. We have configure keystore and truststore on client side while accessing the VIP. But F5 is keep on complaining that the request received at f5 is not SSL Error in f5: cat ltm | grep Mar 17 13:15:46 abc.net warning tmm[11711]: 01260009:4: 10.0.0.0:58857 -> 10.0.0.0:8443: Connection error: ssl_passthru:5935: alert(40) not SSL Java code accessing F5 vip String jdbcUrl = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=F5ENDPOINT.net)(PORT=8443))(CONNECT_DATA=(SERVICE_NAME=ABC)))"; System.setProperty("javax.net.ssl.keyStore", "C:\\Apps\\rspt\\keystore.jks"); System.setProperty("javax.net.ssl.keyStoreType", "JKS"); System.setProperty("javax.net.ssl.keyStorePassword", "changeit"); System.setProperty("javax.net.ssl.trustStore", "C:\\Apps\\rspt\\trustStore.jks"); System.setProperty("javax.net.ssl.trustStoreType", "JKS"); System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); Properties props = new Properties(); props.setProperty("user", userName); props.setProperty("password", password); props.setProperty("javax.net.ssl.keyStore", "C:\\Apps\\rspt\\keystore.jks"); props.setProperty("javax.net.ssl.keyStorePassword","changeit"); props.setProperty("javax.net.ssl.trustStore", "C:\\Apps\\rspt\\trustStore.jks"); props.setProperty("javax.net.ssl.trustStorePassword","changeit"); String query = "SELECT name FROM department WHERE departmentid= 1"; try { DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver()); con = DriverManager.getConnection(jdbcUrl,props); Statement statement = con.createStatement(); // Execute the query and obtain the result set ResultSet resultSet = statement.executeQuery(query); while (resultSet.next()) { String name = resultSet.getString("name"); System.out.println(" Name: " + name); } } catch (SQLException e) { e.printStackTrace(); } We have tried this with 80 PORT AND tcp as protocol in jdbc connection string and its working as expected. Only when we enable SSL termination on 8443, we have this issue. Can you guide what we are missing here ?
HSTS on LTM
We are running 11.5.4 on several BIG IPs and want to implement HSTS. I understand the concept of using an iRule or a policy but I have a question. If our member web servers are doing HTTP only and SSL termination is configured on the F5, if we configure HSTS on the F5, does anything need to be done on the web servers? Thank you.