For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

How Proxy SSL works on BIG-IP

1. Lab Scenario Lab test results: Client completes 3-way handshake with BIG-IP and BIG-IP immediately opens and completes 3-way handshake with back-end server Upon receiving Client Hell...
Published Sep 04, 2019
Version 1.0
BIG-IP
security
ssl
tls
Eric_Chen's avatar
Eric_Chen
Icon for Employee rankEmployee
Sep 05, 2019

Typically I see Proxy SSL for cases where the BIG-IP needs to proxy a client certificate authentication (mutual TLS). You mention the requirement for RSA key exchanges; that is not ideal to not be using ECC ciphers. Hopefully we'll see a follow-up article talking about C3D and the virtues of being able to re-generate a new client certificate that is trusted by the backend server as an alternate method to achieve the same end goal. Nice article!