Forum Discussion
Using the default serverssl profile on the server side in conjunction with a client-ssl clientside profile will effectively terminate ssl at your BIG-IP on the client side and then re-encrypt to the server - ie decrypt & re-encrypt.
If you're doing anything that depends on looking into your stream, like using cookie persistence, you still need to terminate ssl on the client-side. If you don't, then no need for a clientside or serverside ssl profile, just pass the ssl right on through - but again you're limited to your persistence choices and any involved irules.
Whether you pass ssl through or terminate and re-encrypt, the server would also need a cert and effectively decrypt ssl, as you suspect, you're not saving any processing cycles here. Note - The server can have an ica cert vs the real CA Cert, as SSL errors would not be seen by the client.