Forum Discussion
Mike_Maher
Nimbostratus
Jul 26, 2016
Proxy SSL and ECC ciphers
So I know that currently Proxy SSL does not support anything other than RSA key exchanges. I don't know if anyone had found any other way to do certificate authentication on the web server while sti...
Kevin_Stewart
Employee
Jul 26, 2016
It's not a function of ProxySSL, but of ANY SSL man-in-the-middle technology. Without getting into the details, ECC is generally deployed with the Diffie-Hellman key agreement protocol, which does not use the server's public and private keys to encrypt anything in the initial handshake. SSL MITM relies on the RSA key exchange, because the server's public key is used to encrypt the third piece of the master secret between the client and server (the other two pieces are relayed in the clear), so anyone with access to the server's private key and a copy of the message can decrypt and access the encryption keys.
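
The difference described in the reply above, as an added Python illustration that is not part of the original thread or of any F5 code: a toy model in which a passive device holding the server's private key recovers the master secret under RSA key exchange but finds nothing to decrypt under ephemeral Diffie-Hellman. Assumptions: textbook RSA without padding, small constructed parameters, SHA-256 standing in for the TLS PRF, and hypothetical function names throughout.

```python
import hashlib

# Constructed toy parameters (illustration only, far too small for real use).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537        # server RSA primes, public exponent
N = P * Q                                    # server public modulus
D = pow(E, -1, (P - 1) * (Q - 1))            # server private exponent
DH_P, DH_G = 2**127 - 1, 3                   # Diffie-Hellman prime and base

def master_secret(premaster, client_random, server_random):
    # SHA-256 stands in for the TLS PRF: three inputs, two of them public.
    data = f"{premaster}|{client_random}|{server_random}".encode()
    return hashlib.sha256(data).hexdigest()

def digest_int(value):
    return int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big") % N

def rsa_handshake(client_random, server_random, premaster):
    """Return (messages visible on the wire, master secret both ends derive)."""
    wire = {"client_random": client_random, "server_random": server_random,
            "encrypted_premaster": pow(premaster, E, N)}  # encrypted to server key
    return wire, master_secret(premaster, client_random, server_random)

def dhe_handshake(client_random, server_random, a, b):
    """a and b are the ephemeral exponents; they never leave the endpoints."""
    client_share, server_share = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    wire = {"client_random": client_random, "server_random": server_random,
            "client_share": client_share, "server_share": server_share,
            # The long-term key only signs the server share (authentication).
            "signature": pow(digest_int(server_share), D, N)}
    return wire, master_secret(pow(client_share, b, DH_P), client_random, server_random)

def signature_valid(wire):
    return pow(wire["signature"], E, N) == digest_int(wire["server_share"])

def observer_with_private_key(wire):
    """Master secret a passive device holding D can derive, or None."""
    if "encrypted_premaster" not in wire:
        return None  # nothing on the wire was encrypted to the server key
    premaster = pow(wire["encrypted_premaster"], D, N)
    return master_secret(premaster, wire["client_random"], wire["server_random"])

if __name__ == "__main__":
    rsa_wire, rsa_ms = rsa_handshake(11, 22, 0x0303C0FFEE1234)
    dhe_wire, dhe_ms = dhe_handshake(11, 22, a=123456789, b=987654321)
    print("RSA recovered:", observer_with_private_key(rsa_wire) == rsa_ms)
    print("DHE recovered:", observer_with_private_key(dhe_wire) == dhe_ms)
```

In the Diffie-Hellman case the private key still verifies the server's signature, which is why authentication works while passive decryption does not.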