Forum Discussion

Sulabh_Srivasta
Jun 02, 2022

Explicit Forward proxy and Client TLS conversion

Hello All,

We have an application that communicates with an external vendor. The applications are on an old version of Java that only supports TLS 1.0; however, the vendor only supports TLS 1.2 and higher.

We cannot update the application, and we need to translate TLS 1.0 to 1.2. We are using the LTM as an explicit forward proxy.

Is there any way to translate the TLS version from 1.0 to 1.2?

Any suggestions would be a great help!

2 Replies

  • Hi,

    Translating TLS version 1.0 to 1.2 is not possible; you have to break the SSL tunnel in the F5 to install the certificate of the application. To meet this requirement you have to:

    Install the application certificate on the client side for the virtual server, create an SSL client-side profile, configure the virtual server with the client-side SSL created in the last step, and configure the server side with the default serverssl-insecure-compatible in the virtual server.

    https://support.f5.com/csp/article/K14620

    Hope it works.

      Sulabh_Srivasta

      Hi,

      There is no application certificate on the server, as told by the server/app admin. I tried your solution using an F5 self-signed cert and installed the same cert on the server, but that didn't work.

      Let me re-phrase my question and requirement:

      App/server(tls1.0) --> F5 (tls1.0 ->tls1.2) ---> external vendor server(tls1.2) 

      How can I do that?

      Thank you