Forum Discussion

Nimbostratus

Jul 26, 2016

Proxy SSL and ECC ciphers

So I know that currently Proxy SSL does not support anything other than RSA key exchanges. I don't know if anyone had found any other way to do certificate authentication on the web server while sti...

Employee

Jul 26, 2016

It's not a function of ProxySSL, but of ANY SSL man-in-the-middle technology. Without getting into the details, ECC is generally deployed with the Diffie-Hellman key agreement protocol, which does not use the server's public and private keys to encrypt anything in the initial handshake. SSL MITM relies on the RSA key exchange, because the server's public key is used to encrypt the third piece of the master secret between the client and server (the other two pieces are relayed in the clear), so anyone with access to the server's private key and a copy of the message can decrypt and access the encryption keys.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Proxy SSL and ECC ciphers

Recent Discussions

Problem with lets encrypt and redirect after update

Should config via cli rather than gui?

Is a Dedicated Interface, VLAN, and Self IP Required for a VIP in an F5 Configuration?

question about getting hsl data to be formatted properly in splunk

iRule for client certificate verification and inserting CN

Related Content

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

SSL PROXY

Integrating SSL Orchestrator with Symantec ProxySG: Transparent Proxy

Integrating SSL Orchestrator with CheckPoint Firewall VM-Transparent Proxy

Cipher Suites Supported (12.1.5.3)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS