Kevin_Stewart (Employee)
Sep 27, 2018
I would probably argue that, with respect to increased security concerns and the "zero trust" movement, a better practice would be to re-encrypt to the servers. You of course don't get the full performance benefit of SSL offload, but there's nothing that says you can't use 1K RSA keys on the inside to the servers, and 2K keys and/or ECC to the clients.
If you did re-encrypt to the Tomcat servers, it literally doesn't matter what certificates you apply to the servers, as the F5 will by default ignore server-side certificate validation.
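
Added example, not part of the original post: a BIG-IP server SSL profile as it behaves by default (backend certificate not checked) beside one that validates the Tomcat certificate during re-encryption. The profile names, the CA file `internal-ca.crt` and the hostname `tomcat01.example.internal` are hypothetical placeholders.

```tmsh
# Default behaviour: traffic to the pool member is re-encrypted, but the
# certificate the server presents is not validated.
ltm profile server-ssl /Common/serverssl_default_example {
    defaults-from /Common/serverssl
    peer-cert-mode ignore
}

# Validating variant: the handshake fails unless the server certificate
# chains to the named CA and carries the expected name.
ltm profile server-ssl /Common/serverssl_verify_example {
    defaults-from /Common/serverssl
    peer-cert-mode require
    ca-file /Common/internal-ca.crt
    authenticate-name tomcat01.example.internal
}
```

With `peer-cert-mode ignore`, the server-side leg is encrypted but not authenticated, so any certificate on the Tomcat servers is accepted; the second profile is what makes the choice of server certificate matter.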