Forum Discussion

ic3man1986_2846

Nimbostratus

Apr 10, 2017

Big IP proxy ssl feature question

Hi guys, i´ve a question to the proxy ssl feature. I had a virtual server, with a client and a server certificate. Both have the proxy ssl feature enable. Think it works fine. I´ll could au...

Cirrostratus

May 18, 2017

Hi,

Be aware that Proxy SSL makes not much sense those days. Most of the ciphers used (especially DH) are breaking this functionality - BIG-IP is not able to decrypt traffic.

Except some very special requirements when you have to ensure that BIG-IP is able to decrypt there is no point in using Proxy SSL, just let SSL traffic to go through BIG-IP encrypted.

If you have to let BIG-IP decrypt traffic then you have to assure that your backend server will accept only ciphers that allow decryption on BIG-IP = rather ancient and not very safe ciphers.

Piotr

Forum Discussion

Big IP proxy ssl feature question

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

DevCentral's Featured Member for February - Edouard Zorrilla

DevCentral's Featured Member for March - Thomas Dahlmann

DevCentral's Featured Member for April - Mihai Cziraki

DevCentral's Featured Member for December - Mohamed Kansoh

Exploring F5OS automation features on VELOS