Forum Discussion

Aditya_Mehra's avatar
Dec 12, 2017

serverssl-insecure-compatible for unsecure ports

Hi All,

 

Is there an issue if we use serverssl-insecure-compatible for unsecure ports? Have a VIP with serverssl, pool members on 9093 port. Changed to serverssl-insecure-compatible and it works.

 

Does serverssl works only on known ports?

 

Thanks, Aditya

 

  • Ashwin_Venkat_1's avatar
    Ashwin_Venkat_1
    Historic F5 Account

    Hello Aditya,

     

    You should be able to use the 'serverssl-insecure-compatible' SSL profile for any of the services, regardless of whether it's a standard port or not. The difference between 'serverssl-insecure-compatible', 'serverssl' or any of the other default/base profiles we have is the settings within the profiles, particularly the cipher string. You can build custom profiles using 'serverssl-insecure-compatible' or 'serverssl' as the parent profile and have your own custom cipher string, certificate/key, client authentication (if applicable) settings etc as per your application/environment needs.

     

    • Aditya_Mehra's avatar
      Aditya_Mehra
      Icon for Cirrus rankCirrus

      Thanks Ashwin,

       

      So serverssl can also be used if the pool members are not using the standard ports, if we have the relevant ciphers added?

       

      Thanks, Aditya

       

  • Hello Aditya,

     

    You should be able to use the 'serverssl-insecure-compatible' SSL profile for any of the services, regardless of whether it's a standard port or not. The difference between 'serverssl-insecure-compatible', 'serverssl' or any of the other default/base profiles we have is the settings within the profiles, particularly the cipher string. You can build custom profiles using 'serverssl-insecure-compatible' or 'serverssl' as the parent profile and have your own custom cipher string, certificate/key, client authentication (if applicable) settings etc as per your application/environment needs.

     

    • Aditya_Mehra's avatar
      Aditya_Mehra
      Icon for Cirrus rankCirrus

      Thanks Ashwin,

       

      So serverssl can also be used if the pool members are not using the standard ports, if we have the relevant ciphers added?

       

      Thanks, Aditya