ssl termination on F5

Question

**client**            &lt;---&gt; F5 &lt;---&gt;     **Server** (SSL cerfificate available)

(client supports only TLS 1.1 and above)     (Server Supports only TLS 1.0)
In the above scenario, we got problem due to an old server (only supports TLS 1.0)
As a workaround, i am planning to  offload SSL to F5 and let F5 function as a proxy.
I can export SSL cert from web server and apply on F5 client side profile on F5(no Server ssl profile configured as of now) 
Also there is a requirement that the server initiates some connection to client. 
Q1. Is client SSL profile (on F5) is enough to achieve above requirement
Q2. Do i need any server SSL profile (on F5) ?

chris_grant · Answer

You only need a serverSSL profile if the server is expecting an SSL connection. If you don't want to change how it's currently configured, then yes you would need a ServerSSL profile. Note that you may need to either use serverssl-insecure compatible or a custom serverssl profile depending on the requirements of your back end server.

Forum Discussion

ssl termination on F5

1 Reply

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

APM Access Policy|SSLVPN | SAML auth questionnaires

Cert Bundle Manager

PKI PIN works for users from one network, not the other.

Why does SSLO not support ACTIVE-ACTIVE mode deployments？

r4600 Tenant CPU Assignment

Related Content

SSL Termination

FTPS_SSL_ Termination

SSL Orchestrator Service Extensions: User Coaching

Configure NGINX microgateway for MTLS termination and client certificate hash verification

F5 BIG-IP as a Terminating Gateway for HashiCorp Consul

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS