Forum Discussion
dragonflymr
May 18, 2017Cirrostratus
Hi,
Be aware that Proxy SSL makes not much sense those days. Most of the ciphers used (especially DH) are breaking this functionality - BIG-IP is not able to decrypt traffic.
Except some very special requirements when you have to ensure that BIG-IP is able to decrypt there is no point in using Proxy SSL, just let SSL traffic to go through BIG-IP encrypted.
If you have to let BIG-IP decrypt traffic then you have to assure that your backend server will accept only ciphers that allow decryption on BIG-IP = rather ancient and not very safe ciphers.
Piotr