Is it possible to do both 1 way AND 2 way SSL on a single VIP?

Question

So I have a requirement to set up a vip for 2way SSL.  The client connects to the site and the site serves the page.  This should be simple.  However, once the client connects to the site, the site does a 30x redirect to another site to authenticate the user and this seems to break things.  I think its doing 1way SSL to the other site, and not responding to the first site's attempt to get it client cert.  
&nbsp;
The first site was originaly set up for 1 way SSL, and now that I've configured it for 2 way SSL, it seems like some of functionality is broken.  Its not possible to set it up for both?  That seems like it would violate the point of 2 way SSL if a particular client could just get around it.&nbsp;

vinit_ajgaonkar · Answer

Hi Atoth,&nbsp;
Modifying the client authentication in the SSL profile can allow for the VIP to be configured as both 1-way and 2-way. &nbsp;
However from a security standpoint it kind of nullifies the Cert based authentication becuase even users who dont pass the auth check can get through.&nbsp;
Client authentication options in ClientSSL profile are as below:
1. Require(Strict and requires client cert authentication)
2. Request(Not strict for client cert authentication for the ssl session to be established)
3. Ignore(Default) &nbsp;
Regards,
Vinit&nbsp;

Forum Discussion

Is it possible to do both 1 way AND 2 way SSL on a single VIP?

1 Reply

Recent Discussions

Advise on setting up IRULE

google autenticator broken barcode

Port Group on F5OS network setting

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Unwinding the Benefits of Investing in White Label Crypto Wallet

Related Content

Brute Force protection for single parameter like OTP

single slot multiple core vs multiple slot single core

Single Node Persistence

User roles per partition: are multiple possible?

BigIP VE - Multiple VLANs on single partition with single interface