Was this article helpful?


  • Is there any way to do client cert authentication pass though without proxy SSL. ECDHE is becoming more and more required. Especially with iOS 9.
  • Complete SSL passthrough where you simply load balance is possible...unfortunately the proxySSL capability extendng to ECC and the likes is a limitation within the protocols. Alternative to simple load balancing for non RSA key exchange at this point is offload with client auth moved forward from the app to the BIG-IP.
  • added an annotation to the video as well for the cipher list, either the server or the BIG-IP should be trimming non RSA ciphers for Proxy SSL to work.