SSL Authentication by server side

Question

Hi All,&nbsp;
&nbsp;I'm looking to implement an SSL re-encryption but need to have the real server perform the SSL authentication checks. I know the F5 can perform this check via an iRule, but security policy mandates that no one should be able to query the real server directly. Can someone please point me in the right direction?&nbsp;
&nbsp;I'm currently on v10.x code. I've been told that v11 offers "proxy SSL"?&nbsp;
&nbsp;I'd appreciate any suggestions.&nbsp;

hoolio · Answer

Hi Silicon, 
&nbsp;  
&nbsp; In 11.0, we added support for Proxy SSL where you configure the server SSL cert(s)/key(s) in server ssl profile(s) and enable Proxy SSL on a client and the server SSL profiles.  TMM then goes into a pass through mode for the SSL handshake so the server receives the actual client cert when it's requested.  After the initial handshake, TMM is able to decrypt the bulk crypto and access the decrypted content for use with LTM, iRules, WAM, WOM, etc.  Make sure to use the most current 11.x code and latest hotfix as there have been a couple of recent fixes with this feature. 
&nbsp;  
&nbsp; Aaron

silicon_84874 · Answer

Thanks Aaron, I'll go down the most current v11 code +HF. 
&nbsp;  
&nbsp; Regards, 
&nbsp; Silicon

Forum Discussion

SSL Authentication by server side

2 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

CPU utilization of F5OS on r2600

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Hardware replacement i2800 to r2600

Related Content

Configuring APM Client Side NTLM Authentication

Client-side vs Server-side Load Balancing

RADIUS server authenticating user with Google Authenticator

Client side to server side SNI relay iRule

Simple HTTP Authentication server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS