SSL Authentication by server side

Question

Hi All,&nbsp;
&nbsp;I'm looking to implement an SSL re-encryption but need to have the real server perform the SSL authentication checks. I know the F5 can perform this check via an iRule, but security policy mandates that no one should be able to query the real server directly. Can someone please point me in the right direction?&nbsp;
&nbsp;I'm currently on v10.x code. I've been told that v11 offers "proxy SSL"?&nbsp;
&nbsp;I'd appreciate any suggestions.&nbsp;

hooleylist · Answer

Hi Silicon, 
&nbsp;  
&nbsp; In 11.0, we added support for Proxy SSL where you configure the server SSL cert(s)/key(s) in server ssl profile(s) and enable Proxy SSL on a client and the server SSL profiles.  TMM then goes into a pass through mode for the SSL handshake so the server receives the actual client cert when it's requested.  After the initial handshake, TMM is able to decrypt the bulk crypto and access the decrypted content for use with LTM, iRules, WAM, WOM, etc.  Make sure to use the most current 11.x code and latest hotfix as there have been a couple of recent fixes with this feature. 
&nbsp;  
&nbsp; Aaron

silicon_84874 · Answer

Thanks Aaron, I'll go down the most current v11 code +HF. 
&nbsp;  
&nbsp; Regards, 
&nbsp; Silicon

Forum Discussion

SSL Authentication by server side

2 Replies

Recent Discussions

vulnerabilities-CVE-2020-16150 & CVE-2013-0169

google autenticator broken barcode

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

Related Content

Server Side SSL profile not match with Client side SSL profile?

total-client-side-conns & total-server-side-conns

Client side and Server side SSL profile

Client Side SSL Encryption while response from F5

AD Authentication using multiple user attributes