For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

VFB's avatar
VFB
Icon for Cirrus rankCirrus
Jul 06, 2018

re-encrypt with different cipher on server-ssl profile?

Is it possible to set a client ssl profile to cipher with diffie-helman and re-encrypt on the server ssl side to RSA? I presume this would be taxing on the device, but I need to understand the ins and outs of it.

 

application delivery
BIG-IP
LTM

2 Replies

  • Al_7443's avatar
    Al_7443
    Icon for Nimbostratus rankNimbostratus
    Jul 06, 2018

    Yes, it's supported. The LTM decrypts and re-encrypts traffic anyway so there is no huge difference in doing this. If you only have RSA in the suites accepted by your back-end server then the LTM will do it automatically. If not, create a server SSL profile with custom ciphers.

     

  • Samir_Jha_52506's avatar
    Samir_Jha_52506
    Icon for Noctilucent rankNoctilucent
    Jul 07, 2018

    Yes, You can make it. Only thing you need to create two profile(client-SSL and Server-SSL) to solve issue. Allow the cipher as per requirement and test it in non-prod device.

     

    Hope it will work for you.