Sajan_Mania_381
Mar 07, 2019

Why do we need SSL bridging?

Hi F5 Experts,

Why do we need SSL bridging? Why do we need to terminate SSL on both the virtual server and the backend server? What is the need for having SSL termination 2 times here, one on the F5 and one on the web server?

The main concept of SSL offloading is to relieve a web server of the processing burden of decrypting and/or encrypting traffic sent via SSL. But using SSL bridging we will again have the processing burden of decrypting and/or encrypting traffic on the web server. Instead we can have SSL pass-through only!

Please let me know the reason behind using SSL bridging.

Regards, SM

2 Replies

  • Some companies require that traffic is encrypted EVERYWHERE on the network.

    In order to appease them, AND still be able to view and modify traffic on the BIG-IP, it would need to be decrypted on the BIG-IP and then re-encrypted before being sent through the network to the back-end servers.

    Hope that helps! If it does, please up-vote and select this answer! It would be greatly appreciated.

    -Dylan

  • From an F5 perspective, it allows load balancing decisions to be made based on the encrypted data, traffic can be modified based on iRules, and, as Dylan stated above, security is very important to many major companies storing sensitive data. Plus, with the heavy reliance on cloud devices and external services, it's quite possible to have to load balance to servers that require a public connection to get to. Unless you want to send plain text out to Amazon's cloud service, SSL bridging is your best bet.
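
The decrypt, inspect, re-encrypt arrangement described in the replies, sketched as a BIG-IP configuration next to a pass-through virtual server for comparison. This is an added example, not configuration posted by anyone in the thread; the object names, IP addresses, `backend-ca.crt` and `web.internal.example` are placeholder assumptions, and `#` lines are annotations.

```text
# Constructed example: names, addresses and the CA file are placeholders.

# Server-side SSL profile that also authenticates the backend certificate.
ltm profile server-ssl serverssl_verify_backend {
    defaults-from serverssl
    peer-cert-mode require
    ca-file backend-ca.crt
    authenticate-name web.internal.example
}

ltm pool pool_web_https {
    members {
        10.0.1.11:https { address 10.0.1.11 }
        10.0.1.12:https { address 10.0.1.12 }
    }
    monitor https
}

# SSL bridging: decrypt client-side, inspect/modify at the HTTP layer,
# then re-encrypt on the server side before traffic leaves the BIG-IP.
ltm virtual vs_bridging {
    destination 192.0.2.10:https
    ip-protocol tcp
    pool pool_web_https
    profiles {
        clientssl { context clientside }
        http { }
        serverssl_verify_backend { context serverside }
        tcp { }
    }
}

# SSL pass-through: no SSL or HTTP profile, so the BIG-IP forwards
# ciphertext and can neither read nor modify the requests.
ltm virtual vs_passthrough {
    destination 192.0.2.11:https
    ip-protocol tcp
    pool pool_web_https
    profiles {
        tcp { }
    }
}
```

With `peer-cert-mode ignore` on the server-side profile the backend leg is still encrypted, but the server's certificate is not checked, so the bridged connection protects against passive capture only.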