Re: [openssl-dev] F5 termination of TCP connection

Mon, 01 Jun 2015 07:07:23 -0700 

Hi,
Yes, that's exactly what we do in our configuration. We have 24 servers with rather high workload. SSL is offloaded on F5 load balancer and servers behind load balancers receive decrypted traffic. 


I'm not aware of any performance issues. And in fact it's quite good 
idea as server itself doesn't need to know anything about TLS/SSL 
protocol.


--
Kris


On 2015-06-01 12:11, Thirumal, Karthikeyan wrote:

Dear Team,

We have a client-server (Server is a C++ process) communication which
does a TCP communication over a secure layer. The SSL is achieved by
OpenSSL library on that process.

Am having some connection problems in the Server side - So inorder to
avoid this can I put this SSL under F5 termination - so that all SSL
related aspects are done at the F5 load balancer itself and the server
is not much loaded.

Has anyone tried this before ? Can someone she some lights on this
please ?

Thanks & Regards
 ________________________
 Karthikeyan Thirumal

 ******************************************************
 This message and any files or attachments sent with this message
contain confidential information and is intended only for the
individual named. If you are not the named addressee, you should not
disseminate, distribute, copy or use any part of this email. If you
have received this message in error, please delete it and all copies
from your system and notify the sender immediately by return Email.

 Email transmission cannot be guaranteed to be secure or error-free as
information can be intercepted, corrupted, lost, destroyed, late,
incomplete or may contain viruses. The sender, therefore, does not
accept liability for any errors or omissions in the contents of this
message, which arise as a result of email transmission.
 ******************************************************

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev






















					Reply via email to