Forum Discussion

Dazzla_20011

Nimbostratus

Mar 25, 2011

Server-side SSL

Hi, Currently we only do client-side SSL on the F5. I've been asked if we can encrypt the traffic from the F5 to web servers. I know the F5 can do server side ssl so just wonderered if some...

config

design

Hamish

Cirrocumulus

Mar 25, 2011

100% correct. It really is that simple.

You CAN make it difficult if you like... But remember the trade offs. The biggest advantage of doing offload in the first place is not having to doit to the backend... So the backend doesn't have to do the processing... Of course with longer keylengths you can trade off security with a shorter keylength for the server side... But generally in most environments you're not buying a lot when you re-encrypt... If an attacker can snoop your backend traffic (WHich is what serverside SSL is guarding against), you're already broken...

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Server-side SSL

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

SSL Heartbleed server side iRule

Client-side vs Server-side Load Balancing

Server Side Profile not show the certificate

Atlassian Jira Contact Administrator Server Side Template Injection (CVE-2019-11581)

Dyre presents server-side web injects

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS