GLM_191985
Mar 01, 2019Cirrus
SSL Offloading
So basically when SSL get offloaded , it is in a plain text and it has to be forward to any port which understand plain text so when it's again 443 on server. Does it understand traffic ??
So basically when SSL get offloaded , it is in a plain text and it has to be forward to any port which understand plain text so when it's again 443 on server. Does it understand traffic ??
When SSL is offloaded to the BIG-IP, the traffic must be sent to a port that is listening for and expecting NON encrypted traffic (port 80). If you send it to a back-end server that is expecting 443, or encrypted traffic, it will not understand it.
HERE is some good info on that topic!
Hope that helps! If it does please up-vote and select this answer, it'd be greatly appreciated!
-Dylan
SSL Termination Mode Description SSL Profiles
SSL Offload The SSL certificate is terminated on the virtual server only. The BIG-IP receives the encrypted traffic, decrypts it and forwards it plain text to the backend servers This reduces processing burden on the backend servers and therefore increases performance CLIENT-SSL PROFILE
SSL Bridging The SSL certificate is terminated on *BOTH* the virtual server and backend servers. This is referred to end-to-end encryption. The BIG-IP receives encrypted traffic, decrypts and re-encrypts it on the backend, forwarding it encrypted to the backend servers CLIENT-SSL PROFILE & SERVER-SSL PROFILE
SSL Pass Through The SSL certificate is terminated on the backend servers only. The BIG-IP simply forwards the SSL encrypted traffic to the backend servers NO SSL PROFILE
That's a good chart!
HERE is some good info on that topic!
I don't get what you want to share on this link?
I believe it doesn't matter on backend server , what port it listen on.. Any link with example?