Forum Discussion
zamroni777
May 03, 2024Cumulonimbus
please ensure that oneconnect profile is enabled on the http profile assigned to the vs, so that bigip can use 1 server side tcp connection for multiple client sessions.
as 1 tcp session equals to 1 tls/ssl session, hence reducing number of server side tcp session will also reduce the number of server side tls session.
you might also need to reduce tls cipher set strength of the server "side" ssl profile to reduce server processing load, e.g:
- only use aes 128 bit and disable aes aes 256 or higher
- disable ecdhe / dhe , hence it will only use rsa/dsa
additionally, ensure that server uses hardware accelerated aes (intel/amd aes-ni).