Mutual SSL implementation using Layer 4 forwarding

Question

Would it be possible to configure two-way SSL using layer 4 forwarding(Passthrough LB configuration)?&nbsp;
Our application is trying to authenticate client certificates but the connection fails with the below error -&nbsp;
SSL session initialization error, SSL_connect/accept failed, SSL_ERROR_SSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:3274 PeerIP=10.10.10.15&nbsp;
Where 10.10.10.15 is the SNAT IP of the virtual server. As per the above log, server is trying to obtain certificate from the LTM and is failing.&nbsp;
Is it possible to setup 2-way ssl using Layer 4 forwarding or do I need to setup 2 way SSL at the LTM by using a standard type virtual server and terminating the ssl?&nbsp;

kevin_stewart · Answer

In the absence of client and/or server SSL profiles applied to the VIP, SSL traffic should pass directly through to the server. You should be able to create a standard type VIP and not apply SSL profiles, or possibly any other type of forwarding VIP.

Forum Discussion

Mutual SSL implementation using Layer 4 forwarding

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

2026 301a exam

UCS Encryption Question

Unblock Request WAF

VIP in https that redirect to another vip in https

Related Content

What is Mutual TLS (mTLS)?

CORS implementation

F5 Distributed Cloud for Global Layer 3 Virtual Network Implementation

Mutual authetication from imperva to F5

Hands-On Quantum-Safe PKI: A Practical Post-Quantum Cryptography Implementation Guide

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS