For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Saad_Malik_2068's avatar
Saad_Malik_2068
Icon for Nimbostratus rankNimbostratus
Jun 23, 2018

TLS handshake in passthrough scenario

Hi All,   This might be a basic question but i would like to know how the SSL/TLS handshake takes place in a SSL passthrough scenario. If we are not doing the offloading, there is no certificate ...
BIG-IP
LTM
security
ssl handshake
ssl passthrough
tls
AceDawg1's avatar
AceDawg1
Icon for Nimbostratus rankNimbostratus
Jun 23, 2018

You are correct. In a scenario where the load balancer does not perform ssl encryption/decryption (offloading), ssl negotiation is performed directly between the client and backend pool members (servers).

 

A typical F5 configuration would be comprised of a virtual server that listens on port 443, server type of standard or layer 4 and backend pool members listening on port 443.

 

Saad_Malik_2068's avatar
Saad_Malik_2068
Icon for Nimbostratus rankNimbostratus
Jun 24, 2018

Great! So in my case, there will be 2 connection....client to loadbalancer and than loadbalancer to back-end server. Currently, the persistence method deployed is the source persistence with a refresh of 48 hours. In that case any connections coming in from a particular client, within the 48 hours time frame will be sent to the same back-end server where the first packet was sent.

 

That explains alot....would be nice if F5 has the tls passthrough document someplace.