SSL Profiles Part 1: Handshakes

This is the first in a series of tech tips on the F5 BIG-IP LTM SSL profiles.  SSL Overview and Handshake SSL Certificates Certificate Chain Implementation Cipher Suites SSL Options SSL...
Updated Mar 24, 2023
Version 2.0
LTM
security
series-the-ssl-profile
ssl
tech tip
JRahm's avatar
Icon for Admin rankAdmin
Christ Follower, Husband, Father, Technologist. I love community and I especially love THIS community. My background is networking, but I've dabbled in all the F5 iStuff, I'm a recovering Perl guy, and am very much a python enthusiast. Learning alongside all of you in this accelerating industry toward modern apps and architectures.
View Profile
JRahm's avatar
Icon for Admin rankAdmin
Christ Follower, Husband, Father, Technologist. I love community and I especially love THIS community. My background is networking, but I've dabbled in all the F5 iStuff, I'm a recovering Perl guy, and am very much a python enthusiast. Learning alongside all of you in this accelerating industry toward modern apps and architectures.
View Profile
Praveen32_33178's avatar
Praveen32_33178
Icon for Nimbostratus rankNimbostratus
Mar 02, 2019

I will try to answer this one,

 

The server ssl profile is for acting as an ssl client. Since, we are talking about Client Authentication here, if the certificate on your node has a server, I'd assume that you need re-enryption to your server too.

 

In addition, in client authentication, the server challenges the client for authentication. The client,in this case the BIGIP authenticates [using its private key] itself by sending a digital signature back to server ( node ). Because, the server now has the clients public key, pre master secrets come into play on the server side of the connection.

 

If the certificates on your server-ssl profile and the server are the same, i would assume there should be an SSL handshake failure.