For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

SSL Orchestration: Making outbound SSL inspection faster and more resilient

Last month the super-friendly guys at DevCentral let me use their awesome lightboard studio to record a ten-minute video about outbound SSL orchestration. In the video, I said that an administrator c...
Published Aug 24, 2016
Version 1.0
LTM
security
RajnishGargNSIT's avatar
RajnishGargNSIT
Icon for Nimbostratus rankNimbostratus
Jan 27, 2018

It's an awesome article and thanks a lot for posting it. Can you please guide us few things- 1. Lets take an example SSLO is being used in Forward proxy mode and sitting in transparent mode. Cases require Client Authentication request by external server, how does SSLO participate in that part of communication?

 

  1. In a multi-link environment, how does SSLO maintain the link affinity after Decrypt/encrypt processing and inline server chain processing? Do you rely on VLAN Tagging techniques whenever traffic enters on the SSLO appliance?

     

  2. For reverse proxy environment where client wants to place SSLO just for traffic decrypt/encrypt and inline service chaining to multiple tools, Can it support ephemeral ciphers ? Some of the old blogs state that only Static Key ciphers supported in the reverse proxy mode. Can you please explain why.

     

Thanks Raj