
Forum Discussion

dihris_116090
Mar 31, 2016

F5 SSL Forward Proxy determining the TLS Protocol to use on an end-to-end connection

Hi,

 

I've been trying to set up F5 SSL Forward Proxy where the client supports only TLS1.0 and the webserver supports only TLS1.2. The general idea is to have the client establish the SSL tunnel (TLS1.0) with the F5 VS (Client SSL Profile holds the Cert and the Private Key) and then have the F5 establish an SSL tunnel (TLS1.2) with the webserver that the client is trying to reach. So far I have had no success, so I'm wondering if in such a deployment the F5 forwards the SSL Hello message received from the Client to the Webserver, thus trying to negotiate an end-to-end agreement on the Protocol and Cipher that all parties in this communication (Client, F5 and Webserver) should support, and thereby failing due to the TLS mismatch.

 

This is the document I've been following. Ref: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-5-0/16.html?sr=35921646

 

Trying to confirm if this is true or false:

Example: Client app only supports ciphers A+B, F5 only supports ciphers A+C, and the webserver only supports ciphers B+C. No connection can be established, because there is no cipher that all 3 understand.

* cipher A = not understood by the Webserver
* cipher B = not understood by the proxy
* cipher C = not understood by the client app

 
