SSL Offload Does Not Work When Load Balancing VIP has SSL port 443 and Service Group is Configured with SSL Port 443

SSL Offload Does Not Work When Load Balancing VIP has SSL port 443 and Service Group is Configured with SSL Port 443

book

Article ID: CTX207877

calendar_today

Updated On:

Description

SSL Offload does not work when load balancing VIP has SSL port 443 and the Service or Service Group is configured with SSL port 443.

If you change the backend Service/Service Group as HTTP port 80, everything works fine.

Resolution

In the network trace you see a Client Hello being sent to the backend over TLSv1.2, and then a Reject coming from the backend server. The backend server is SharePoint running on Windows Server 2012 which should support TLSv1.2.

On the Service or Service Group, disable TLSv1.1 and TLSv1.2 and only have SSLv3 and TLSv1.0 enabled

User-added image

Issue/Introduction

SSL Offload does not work when load balancing VIP has SSL port 443 and the Service or Service Group is configured with SSL port 443.

Additional Information

User-added image

Powered by Wolken Software