SSL persistence using a port other than 443?

clayton-price
Level 1

I figure this would work, but am looking for some confirmation.

Thanks!

Clayton

4 Replies

r-simpson
Level 3

This is from Cisco documentation:

The Clients send encrypted traffic on port 443, the standard SSL port. The CSM listens on port 443 and load balances the encrypted traffic to an internal "server farm" of SSL modules. The selected SSL Service Module decrypts the traffic, stamps it with a SSL Session ID, opens a clear-text connection to a Versatile Interface Processor (VIP) on the CSM, and sends the traffic to a port that has been configured to receive "decrypted SSL traffic", for example port 81.

Thanks, however in our case we are not using the SSL module.

I have since ruled out using SSL persistence due to Internet Explorer renegotiating the SSL session ID every two minutes. This would break the persistence.

I do have a new question. I have not had any luck doing a keepalive check against an https port. I see that there is keepalive http, but no keepalive https. The standard http one fails against SSL-enabled ports.

Hi,

An option to do SSL keepalive may be to use a TCP based keepalive on port 443.

Regards

Thanks, that is what I ended up doing. It would be nice to perform an actual GET of a page. Sometimes our applications will hang, but the TCP port will still be listening.
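
The gap described in the last post, where a TCP keepalive stays healthy while the application behind the port is hung, shown as an added example that is not part of the original thread and is not load-balancer configuration: a Python probe, as it might run from an external monitoring host, that compares a TCP connect check with an HTTPS GET check. The function names, the `/` path and the local "hung" listener are constructed for illustration.

```python
import http.client
import socket
import ssl


def tcp_check(host, port, timeout=2.0):
    """TCP keepalive: healthy as soon as the three-way handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def https_get_check(host, port, path="/", timeout=2.0, cafile=None, ok=(200,)):
    """HTTPS keepalive: healthy only if TLS completes and the GET returns an expected status."""
    # Certificate and hostname verification stay enabled; pass cafile for an internal CA.
    ctx = ssl.create_default_context(cafile=cafile)
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    try:
        conn.request("GET", path, headers={"Connection": "close"})
        return conn.getresponse().status in ok
    except (OSError, http.client.HTTPException):
        # Covers refused connections, TLS failures and timeouts from a hung server.
        return False
    finally:
        conn.close()


def hung_listener():
    """Constructed stand-in for a hung application: the port is open, nothing ever answers."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)  # the kernel completes handshakes; accept() is never called
    return srv


def compare_checks():
    """Run both probes against the hung listener and return (tcp_ok, https_ok)."""
    srv = hung_listener()
    try:
        host, port = srv.getsockname()
        return tcp_check(host, port, 1.0), https_get_check(host, port, "/", 1.0)
    finally:
        srv.close()


if __name__ == "__main__":
    tcp_ok, https_ok = compare_checks()
    print(f"tcp keepalive: {tcp_ok}, https GET keepalive: {https_ok}")
```

Against the hung listener the TCP check reports healthy and the HTTPS GET check reports failed, which is the difference the poster wanted the keepalive to detect.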