Whiteboard Wednesday: SSL Proxy Solutions

Is there any way to do client cert authentication pass though without proxy SSL. ECDHE is becoming more and more required. Especially with iOS 9.

Complete SSL passthrough where you simply load balance is possible...unfortunately the proxySSL capability extendng to ECC and the likes is a limitation within the protocols. Alternative to simple load balancing for non RSA key exchange at this point is offload with client auth moved forward from the app to the BIG-IP.

added an annotation to the video as well for the cipher list, either the server or the BIG-IP should be trimming non RSA ciphers for Proxy SSL to work.