[openssl-dev] F5 termination of TCP connection

Krzysztof Kwiatkowski krzysiek at leeds.pl
Mon Jun 1 11:36:01 UTC 2015 

Hi,

Yes, that's exactly what we do in our configuration. We have 24 servers 
with rather high workload. SSL is offloaded on F5 load balancer and 
servers behind load balancers receive decrypted traffic.

I'm not aware of any performance issues. And in fact it's quite good 
idea as server itself doesn't need to know anything about TLS/SSL 
protocol.

--
Kris


On 2015-06-01 12:11, Thirumal, Karthikeyan wrote:
> Dear Team,
> 
> We have a client-server (Server is a C++ process) communication which
> does a TCP communication over a secure layer. The SSL is achieved by
> OpenSSL library on that process.
> 
> Am having some connection problems in the Server side - So inorder to
> avoid this can I put this SSL under F5 termination - so that all SSL
> related aspects are done at the F5 load balancer itself and the server
> is not much loaded.
> 
> Has anyone tried this before ? Can someone she some lights on this
> please ?
> 
> Thanks & Regards
>  ________________________
>  Karthikeyan Thirumal
> 
>  ******************************************************
>  This message and any files or attachments sent with this message
> contain confidential information and is intended only for the
> individual named. If you are not the named addressee, you should not
> disseminate, distribute, copy or use any part of this email. If you
> have received this message in error, please delete it and all copies
> from your system and notify the sender immediately by return Email.
> 
>  Email transmission cannot be guaranteed to be secure or error-free as
> information can be intercepted, corrupted, lost, destroyed, late,
> incomplete or may contain viruses. The sender, therefore, does not
> accept liability for any errors or omissions in the contents of this
> message, which arise as a result of email transmission.
>  ******************************************************
> 
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

More information about the openssl-dev mailing list