cancel
Showing results for 
Search instead for 
Did you mean: 

Explicit Forward proxy and Client TLS conversion

Sulabh_Srivasta
Altostratus
Altostratus

Hello Allo,

We have an application that communicates to external vendor, the applications are on old version of Java that only supports TLS 1.0 however vendor only support TLS1.2 and higher. 

We cannot update the application and we need to translate TLS 1.0 to 1.2, we are using the LTM as Explicit forward proxy.  

Is there any way to translate TLS version from 1.0 to 1.2 ??

Any suggestions would be great help!

2 REPLIES 2

Sebastiansierra
Cirrocumulus
Cirrocumulus

Hi,

Translate TLS version 1.0 to 1.2 is not possible, you have to break the SSL tunnel in the F5 to install the certificate of the application, to meet this requirement you have to:

install the application certificate on the client-side for the virtual server create a SSL client-side profile, configure the virtual server with the client-side SSL created in the last step and configure the server-side with the default serverssl-insecure-compatible in the virtual server.

Sebastiansierra_0-1654243150125.png

https://support.f5.com/csp/article/K14620

Hope it´s work.

Hi,

There is no application certificate on the server as told by server/app admin. I tried your solution using F5 self signed cert and installed the same cert on server but that didn't work.

Let me re-phrase my question and requirement:

App/server(tls1.0) --> F5 (tls1.0 ->tls1.2) ---> external vendor server(tls1.2) 

How can I do that ?

Thank you