Forum Discussion
SSL bridging without SSL proxy forward
Dear all,
I would like to implement ssl brigding for SMTPS traffic in my organization. In my case, I would like the client devices to receive the certificate configured in clientssl profile.
When adding the serverssl profile to the virtual server, I get an error:
smtps configuration error: SSL forward-proxy must be enabled
Configuring SSL forward-proxy is not a solution for me, because the clients do not accept SMTP server certificates.
Is it possible to configure ssl bridging for SMTPS without configuring SSL forward-proxy or to configure SSL forward-proxy so that client device get the certificate defined in clientssl profile?
If it is real SMTPS then a TCP Virtual server with client side and server side ssl profiles should do the job.
If it is STARTTLS option then see Securing Client-Side and Server-Side SMTP Traffic | DevCentral as there is a link to an irule as F5 without the irule and just SMTP profile supports Client Side SMTP with TLS and not encrypted server side as seen in Securing SMTP Traffic
- Aswin_mkCumulonimbus
Hi maciek
Could you please verify this f5 article -After upgrading to 14.x or later, we get the error ''SSL forward-proxy must be enabled'' when SMTPS and serverssl profiles are both configured
BR
Aswin If it is real SMTPS then a TCP Virtual server with client side and server side ssl profiles should do the job.
If it is STARTTLS option then see Securing Client-Side and Server-Side SMTP Traffic | DevCentral as there is a link to an irule as F5 without the irule and just SMTP profile supports Client Side SMTP with TLS and not encrypted server side as seen in Securing SMTP Traffic
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com