Forum Discussion
jakru_162096
Nimbostratus
Hello,
take a look on client ssl profile. You have whole section there called "Client Authentication" where you define parameters used to determine if client with certain certificate should be allowed or not.
More details here: https://support.f5.com/csp/article/K14783
Kevin_Stewart
Nov 18, 2018Employee
By "SSL proxy", do you mean "Proxy SSL"? If so, in this function the BIG-IP has no control over the TLS handshake. You can see the TLS handshake, but you'd have to use TCP binary iRules to inspect it.
It's probably also worth noting that Proxy SSL, like any other product that does passive SSL inspection, cannot work with perfect forward secret (DHE) ciphers.