SSL cert 128 in with 256 out, F5 middleman

Question

Is it possible to use the BigIP LTM to accept an SSL 128 connection in and to then make an SSL 256 connection out?  We have an Internal app that only supports 128 at the moment connecting to a customer that only supports a 256 connection.  &nbsp;
Thank you, &nbsp;

amine_kadimi · Answer

Yes this is possible. You just need to have both a client ssl and a server ssl profile to handle the ssl connections in both directions. Depending on your F5 version and your server supported alogrithms you may either use a default server ssl profile or customize a new one to support 'weakest' algorithms.

frank_catapano_ · Answer

Amine, 
So would my internal app connect to a VIP on the LTM using a 128-client cert and a 256-server cert?  &nbsp;
Thanks, &nbsp;

amine_kadimi · Answer

Short answer is Yes.&nbsp;
F5 is acting as a full proxy device. This means that on each side, client-side and server-side, there is a separate connection. One of the multiple advantages of such architectures is that you can customize each of the two connections separately to match your specific needs. In your case a 256 bit key-size in one side and 128 bit in the other.&nbsp;

Forum Discussion

SSL cert 128 in with 256 out, F5 middleman

3 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Same LTM Monitor applied to different Pools with Common Nodes

irule execution error

F5 AWAF/ASM learning only from Trusted traffic?

OWA File Upload URIs for WAF Bypass

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

Related Content

Integrating Hashicorp Vault with Cert Manager and F5 NGINX Ingress Controller

Use Kubernetes Cert-Manager to Maintain Let's Encrypt Certificates

SSL Cert expiration Tracker

SSL-Cert

Selective Client Cert Authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS