SSL Methods for LTM

 There are 3 types of SSL Methods used in F5.


SSL Offload
SSL Pass-Through
Full SSL Proxy
SSL Offloading - In this method, client traffic to the BIG-IP is encrypted. Instead of the server decrypting and re-encrypting the traffic, the BIG-IP handles that work: it decrypts the client traffic and sends the decrypted traffic to the server. Return traffic from the server is encrypted by the BIG-IP and sent back to the client.
Example - The front end uses port 443 and the backend server uses port 80 (insecure).



SSL Pass-Through - The BIG-IP just passes the traffic from client to servers, absolving itself of any SSL-related workload. It does not take part in the SSL handshake or decrypt anything; the encrypted client traffic goes to the servers as is. Usually, this setup is used if the applications being served are incompatible with an SSL proxy or cannot consume decrypted traffic.


SSL Full Proxy - This method goes by a few names, such as SSL Re-Encryption, SSL Bridging and SSL Terminations. In this method the BIG-IP re-encrypts the traffic before sending it to the servers: the client sends encrypted traffic to the BIG-IP, which decrypts it and then re-encrypts it before sending it to the servers (pool members). This method is generally used when traffic must also be encrypted between the LTM and the servers.
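
The three methods differ in which SSL profiles are attached to a virtual server: client-ssl only (offload), none (pass-through), or client-ssl plus server-ssl (full proxy). The script below is an added example, not part of the original post and not F5 code; it classifies virtual servers in a bigip.conf-style text, which helps locate offload virtual servers whose pool traffic is plaintext. The sample config, its object names and addresses are constructed, and the pass-through label assumes the virtual server's port actually carries SSL.

```python
import re

# Constructed sample in bigip.conf style; all names and addresses are made up.
SAMPLE_CONF = """
ltm profile client-ssl /Common/cs_app { }
ltm virtual /Common/vs_offload {
    destination /Common/192.0.2.10:443
    pool /Common/pool_http_80
    profiles {
        /Common/cs_app { context clientside }
    }
}
ltm virtual /Common/vs_passthrough {
    destination /Common/192.0.2.11:443
    pool /Common/pool_https_443
    profiles {
        /Common/fastL4 { }
    }
}
ltm virtual /Common/vs_full_proxy {
    destination /Common/192.0.2.12:443
    pool /Common/pool_https_443
    profiles {
        /Common/cs_app { context clientside }
        /Common/serverssl { context serverside }
    }
}
"""

def stanzas(conf, kind):
    """Yield (name, body) for every top-level 'ltm <kind> <name> { ... }'."""
    for m in re.finditer(r"^ltm %s (\S+) \{" % re.escape(kind), conf, re.M):
        depth, i = 1, m.end()
        while depth and i < len(conf):  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def classify(conf):
    """Map virtual servers to an SSL method (assumes custom SSL profiles are defined in conf)."""
    client = {n for n, _ in stanzas(conf, "profile client-ssl")} | {"/Common/clientssl"}
    server = {n for n, _ in stanzas(conf, "profile server-ssl")} | {"/Common/serverssl"}
    labels = {(True, False): "SSL offload", (True, True): "full SSL proxy",
              (False, False): "SSL pass-through", (False, True): "server-ssl only"}
    out = {}
    for name, body in stanzas(conf, "virtual"):
        attached = set(re.findall(r"^\s+(/\S+) \{", body, re.M))
        out[name] = labels[bool(attached & client), bool(attached & server)]
    return out
```

Calling `classify(SAMPLE_CONF)` returns one label per virtual server; only the built-in `/Common/clientssl` and `/Common/serverssl` profiles are recognised without a definition in the scanned text.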





