Forum Discussion
TLS handshake in passthrough scenario
You are correct. In a scenario where the load balancer does not perform SSL encryption/decryption (offloading), SSL negotiation is performed directly between the client and backend pool members (servers).
A typical F5 configuration would be comprised of a virtual server that listens on port 443, server type of standard or layer 4 and backend pool members listening on port 443.
Hi Ace,
Thanks for the confirmation, I thought so too, but my confusion starts when I think of the load balancing. So the client hello comes through, the load balancer sends it to one of the available nodes... how does the stickiness persist in this case when the other handshake packets come?
So in this scenario, the VIP has a NATed IP on the firewall which is exposed on the internet, and the external clients connect to that IP. So my understanding was the load balancer will make the connection with the external client and make another connection with a particular back-end node and once the connection is established, it will just pass the SSL/TLS traffic through. Offloading would be if we decrypt the TLS/SSL packets, which we are not in this case.
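The two-connection passthrough described in the post above, as an added example that is not part of the original thread and is not F5 code: a minimal layer 4 relay that picks a pool member once, when the client's TCP connection is accepted, and then copies bytes in both directions without decrypting them. Round-robin selection, the loopback stand-in nodes and the handshake message labels are constructed assumptions for the demonstration.

```python
import asyncio
import itertools

async def relay(reader, writer):
    """Copy bytes one way until EOF; the payload is never parsed or decrypted."""
    try:
        while data := await reader.read(4096):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

def make_passthrough(backends):
    """Build a handler that chooses one backend per accepted TCP connection."""
    rr = itertools.cycle(backends)  # assumption: simple round-robin
    async def handle(c_reader, c_writer):
        host, port = next(rr)  # decided once, at accept time
        b_reader, b_writer = await asyncio.open_connection(host, port)
        await asyncio.gather(relay(c_reader, b_writer), relay(b_reader, c_writer))
    return handle

async def tagged_backend(tag):
    """Constructed stand-in for a pool member: echoes data prefixed with its tag."""
    async def handle(r, w):
        while data := await r.read(4096):
            w.write(tag + b":" + data)
            await w.drain()
        w.close()
    srv = await asyncio.start_server(handle, "127.0.0.1", 0)
    return srv, srv.sockets[0].getsockname()[:2]

async def client(port, flights):
    """Send each flight on ONE connection and record which node answered."""
    r, w = await asyncio.open_connection("127.0.0.1", port)
    seen = []
    for msg in flights:
        w.write(msg)
        await w.drain()
        seen.append((await r.read(4096)).split(b":")[0])
    w.close()
    return seen

async def _demo():
    s1, a1 = await tagged_backend(b"node1")
    s2, a2 = await tagged_backend(b"node2")
    vip = await asyncio.start_server(make_passthrough([a1, a2]), "127.0.0.1", 0)
    port = vip.sockets[0].getsockname()[1]
    flights = [b"ClientHello", b"ClientKeyExchange", b"Finished"]  # labels only
    result = (await client(port, flights), await client(port, flights))
    for s in (vip, s1, s2):
        s.close()
    return result

def demo():
    return asyncio.run(_demo())
```

Every flight sent on one client connection reaches the same stand-in node, and the next connection is assigned to the other node.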