Can ACE encrypts cookies?

Answered Question
Jan 20th, 2010

I just implemented ACE 4710, A3(2.4) in our network. It is doing loadbalancing with ssl termination. I configured stickiness using server cookies.  My client is telling me cookie is sent in clear text on the Inernet.  Is there a way on ACE to encrypt it?


your help is greately appreciated.

Correct Answer by Gilles Dufour about 7 years 1 month ago

This is just not possible.

The cookie is part of the http header and the complete http data (header + content) is encrypted in the same SSL connection.

So not possible.

Have your customer send you the sniffer trace showing the problem.


Gilles.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Gilles Dufour Wed, 01/20/2010 - 07:25

This is just not possible.

The cookie is part of the http header and the complete http data (header + content) is encrypted in the same SSL connection.

So not possible.

Have your customer send you the sniffer trace showing the problem.


Gilles.

ncfb-awarsame Wed, 01/20/2010 - 08:35

Thank you.  That was also my thinking.


I'll ask them to give a sninffer trace.

ncfb-awarsame Wed, 01/20/2010 - 09:59

gdufuor,


a part of my question was not right. Stickiness cookie is created by ACE. ACE is inserting the cookie.  Does it make any diffirrence?


thank you.

Actions

This Discussion