Forum Discussion
https://support.f5.com/kb/en-us/solutions/public/7000/200/sol7216.html
Original Publication Date: 05/16/2007 Updated Date: 10/15/2014
You cannot currently mirror Secure Sockets Layer (SSL) connections that are terminated by the BIG-IP system. This would require the standby BIG-IP system to be aware of SSL session information that is negotiated between the client and the active BIG-IP system during the SSL handshake. SSL session information includes the following: the shared SSL key, the SSL session ID, the SSL cipher spec, and the SSL version.
If you enable connection mirroring for a virtual server that references a clientssl or serverssl profile, active connections being processed by the virtual server will be closed by the BIG-IP system when failover occurs. The BIG-IP system will send a TCP RST to the client when failover occurs, because the newly active BIG-IP system does not have the SSL connection in its connection table.