Forum Discussion
Big-IP: SSL Client Cert Pass Through iRule
do you mean to say that this would be the default behavior with ProxySSL enabled?
That's absolutely the behavior. In all reality, not performing any SSL on the BIG-IP (no client and server SSL profiles) will allow the same thing. The client and server will negotiate the SSL session directly. ProxySSL allows you to, with caveats, look inside the SSL payload after the handshake, and potentially act on the layer 7 data (ex. inspect requests/responses, insert cookies, perform intelligent load balancing persistence, etc.). The caveats are substantial, however.

As I alluded to earlier, ProxySSL (and all SSL man-in-the-middle products for that matter) rely on an RSA key exchange and knowledge of the server's private key. The master secret key derived in the RSA key exchange comes from three values: the client's random number, the server's random number (both transmitted in the clear), and a "premaster secret" created by the client, encrypted with the server's public key, and sent to the server. It's the knowledge of the server's private key that allows the SSL man-in-the-middle to decrypt that third piece of data and derive the same shared master secret.

The other key exchange protocol, Diffie-Hellman (actually a key "agreement" protocol), does not send any encrypted data across the wire, so an SSL man-in-the-middle does not work. It just so happens that Diffie-Hellman (DH), or at least the ephemeral version of DH (DHE), and its derivation, Elliptic Curve Diffie-Hellman (ECDH and ECDHE), are becoming the preferred key exchange/agreement protocols. RSA generally lacks the ability to be ephemeral and thus doesn't support Perfect Forward Secrecy. In short, browser and OS vendors are now prioritizing DHE/ECDH/ECDHE over RSA, and the next version of TLS (1.3) will remove non-perfect-forward-secret key exchanges altogether. For any SSL man-in-the-middle to work, you must somehow force the client and server to negotiate with RSA, which is sometimes not even possible.
The ProxySSL feature will, if configured to "bypass", simply ignore SSL sessions that negotiate with anything other than RSA.
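Added worked example (editor's illustration, not code from the post above or from F5): it walks through the two key exchanges the answer contrasts. In the RSA case a passive observer holding the server's private key recovers the premaster secret and, with the two cleartext randoms, derives the same TLS 1.2 master secret as both endpoints. In the ephemeral DH case the observer sees only g^a and g^b and is left with a discrete-log problem. The RSA key, the DH group, the fixed seeds and the `toy_*` helper names are all constructed here for the demonstration; the modulus and group are far too small to be secure, and textbook RSA stands in for the PKCS#1 v1.5 padding real TLS uses.

```python
"""Why an SSL man-in-the-middle with the server's RSA private key can derive the
master secret from an RSA key exchange, but not from an ephemeral DH one.
Toy parameters constructed for illustration only; nothing here is secure."""
import hashlib
import hmac
import os
import random

# ---- TLS 1.2 PRF (RFC 5246, sections 5 and 8.1) -------------------------------
def p_sha256(secret, seed, length):
    """P_SHA256 expansion: A(i) = HMAC(secret, A(i-1)), output HMAC(secret, A(i) + seed)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def master_secret(pre_master, client_random, server_random):
    """master_secret = PRF(pre_master, "master secret", client_random + server_random)[0:48]."""
    return p_sha256(pre_master, b"master secret" + client_random + server_random, 48)

# ---- Toy key generation (seeded, so the same toy keys come out every run) -----
def is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin probable-prime test with random bases from rng."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # exact bit length, odd
        if is_probable_prime(cand, rng):
            return cand

def toy_rsa_keypair(bits=512):
    """Returns ((n, e), (n, d)). A 512-bit toy modulus holds a 48-byte premaster
    secret but is nowhere near a secure key size (hypothetical helper)."""
    rng, e = random.Random(20240101), 65537
    while True:
        p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                  # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def toy_dh_group():
    """Toy 256-bit prime with generator 2, not a standard MODP group (hypothetical helper)."""
    return gen_prime(256, random.Random(7)), 2

# ---- RSA key exchange: the observer derives the same master secret -----------
def rsa_key_exchange(pub, priv):
    n, e = pub
    _, d = priv
    client_random, server_random = os.urandom(32), os.urandom(32)   # both in the clear
    pre_master = b"\x03\x03" + os.urandom(46)                         # client's 48-byte secret
    encrypted_pms = pow(int.from_bytes(pre_master, "big"), e, n)      # textbook RSA, no padding
    server_pms = pow(encrypted_pms, d, n).to_bytes(48, "big")
    # The passive observer saw both randoms and the ciphertext; holding the
    # server's private key it decrypts the third value exactly as the server does.
    observer_pms = pow(encrypted_pms, d, n).to_bytes(48, "big")
    return {
        "client": master_secret(pre_master, client_random, server_random),
        "server": master_secret(server_pms, client_random, server_random),
        "mitm": master_secret(observer_pms, client_random, server_random),
    }

# ---- Ephemeral DH: nothing encrypted crosses the wire ------------------------
def dhe_key_exchange(p, g):
    """Server's long-term key would only sign the ServerKeyExchange here; the
    shared value g^(ab) never leaves either endpoint."""
    sr = random.SystemRandom()
    client_random, server_random = os.urandom(32), os.urandom(32)
    a, b = sr.randrange(2, p - 1), sr.randrange(2, p - 1)
    ya, yb = pow(g, a, p), pow(g, b, p)                               # public values
    to_pms = lambda z: z.to_bytes((z.bit_length() + 7) // 8, "big")   # RFC 5246 8.1.2
    return {
        "client": master_secret(to_pms(pow(yb, a, p)), client_random, server_random),
        "server": master_secret(to_pms(pow(ya, b, p)), client_random, server_random),
        "mitm_sees": {"p": p, "g": g, "ya": ya, "yb": yb},          # all the observer gets
    }

def brute_force_dlog(g, h, p, budget=100_000):
    """Observer's only route to g^(ab): recover a from g^a. Exhaustive search
    with a toy budget; returns None when it gives up."""
    x = 1
    for k in range(budget):
        if x == h:
            return k
        x = x * g % p
    return None

if __name__ == "__main__":
    pub, priv = toy_rsa_keypair()
    rsa = rsa_key_exchange(pub, priv)
    print("RSA: observer master secret matches endpoints:", rsa["mitm"] == rsa["client"] == rsa["server"])
    p, g = toy_dh_group()
    dhe = dhe_key_exchange(p, g)
    seen = dhe["mitm_sees"]
    print("DHE: endpoints agree:", dhe["client"] == dhe["server"],
          "| observer recovers a from g^a:", brute_force_dlog(seen["g"], seen["ya"], seen["p"]))
```

The RSA branch is the only one where the observer's `mitm` value equals the endpoints' master secret; in the DHE branch the observer's view contains no ciphertext to decrypt, and `brute_force_dlog` returns None, which is the failure mode the "bypass" setting in the post is there to handle.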