SSL Passthrough.

Question

Hi All,&nbsp;I need a little urgent help  with SSL passthrough.  Basically, I want to know how to achieve SSL pass through? as it stands, its not working.&nbsp;at the moment I have a VS listening on port tcp/443 and pool listening on tcp/18103,  I am not using any IRULEs. I have already tried creating client and SSL profiles with SSL pass through enabled  but still no use.&nbsp;I will appreciate your help with this.&nbsp;Regards,

xres · Answer

I would start with setting client side http profile to none (to force your VS to establish TCP connection with serverside without waiting for client data) and setting the SNAT to automap (to exclude any problems with your SNAT pool).

xres · Answer

I think that at this point this is irrelevant whether you use standard or forwarding VS. Either way you are trying to full proxy a connection and SNAT and using forwarding VS gives you advantages of FastL4 profile - which we do not care about for now :)

xres · Answer

Seems to me that the option you are reffering to is probably not the one you are looking for - it is suitable when you offload or bridge SSL and the ciphersuite negotiated between the client and server is not supported - then the traffic passes through. Is this your use case? If you want to use SSL Passtrough (meaning no SSL inspection at all) then simply do not attach either client or server SSL profile.

qasim · Answer

Thanks Res for your swift response. Yes, you are right i just dont want the ltms to decrypt the traffic. ​ I tried it without the ssl profiles first, it didn't work so that's why tried the ssl profiles.​​is there anything I need to do on http profile?​Thanks ​

qasim · Answer

Sorry forgot to mention that I am using SNAT, that cant be causing any problem is it?​

Forum Discussion

SSL Passthrough.

8 Replies

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Priority Group Activation is not working

Changes to DO and AS3 GitHub - no longer monitored

SSL Forward Proxy, iRules and Client Hello

monitor/healthcheck issue with envoy gateway

Recommendation for Adv. Lab

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS