Skype for Business Edge and SSL decryption

Question

Has anyone had any experience configuring the BIG-IP for SSL visibility between two Skype for Business Edge Servers?  I'm inclined to think this is a non-starter.  By default, the SSL session uses ECDHE_RSA for key exchange and includes a Handshake Protocol: Certificate Verify message from the client.  
&nbsp;
Assuming that these characteristics make decrypt impossible, has anyone had success changing the ciphers used by the Edge servers?  &nbsp;

yoav_crombie_25 · Answer

What are you trying to achieve with this?
We have a product encrypting the SIP traffic on the EDGE as well as an iApp that integrates in F5 for HTTPS traffic control specifically of Skype for Business
You can read more here: skypeShield.com&nbsp;

stanislas_piro2 · Answer

Hi,&nbsp;
As I understood, even if you can offload decrypt SSL, Edge connections are not HTTPS but skype protocol over SSL on port 443.&nbsp;

Forum Discussion

Skype for Business Edge and SSL decryption

2 Replies

Recent Discussions

Advise on setting up IRULE

google autenticator broken barcode

Port Group on F5OS network setting

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Unwinding the Benefits of Investing in White Label Crypto Wallet

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Microsoft Skype for Business Server 2015

Troubleshooting Lync/Skype for Business Reverse Proxy

Decrypting BIG-IP Packet Captures without iRules

Decrypting BIG-IP Packet Captures Automatically