ssl termination on F5

Question

**client**            &lt;---&gt; F5 &lt;---&gt;     **Server** (SSL cerfificate available)

(client supports only TLS 1.1 and above)     (Server Supports only TLS 1.0)
In the above scenario, we got problem due to an old server (only supports TLS 1.0)
As a workaround, i am planning to  offload SSL to F5 and let F5 function as a proxy.
I can export SSL cert from web server and apply on F5 client side profile on F5(no Server ssl profile configured as of now) 
Also there is a requirement that the server initiates some connection to client. 
Q1. Is client SSL profile (on F5) is enough to achieve above requirement
Q2. Do i need any server SSL profile (on F5) ?

chris_grant · Answer

You only need a serverSSL profile if the server is expecting an SSL connection. If you don't want to change how it's currently configured, then yes you would need a ServerSSL profile. Note that you may need to either use serverssl-insecure compatible or a custom serverssl profile depending on the requirements of your back end server.

Forum Discussion

ssl termination on F5

1 Reply

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

SSL Termination

FTPS_SSL_ Termination

SSL Profiles

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

Configure NGINX microgateway for MTLS termination and client certificate hash verification