Forum Discussion

Cirrus

May 08, 2019

Is it possible to do both 1 way AND 2 way SSL on a single VIP?

So I have a requirement to set up a vip for 2way SSL. The client connects to the site and the site serves the page. This should be simple. However, once the client connects to the site, the site d...

LTM

security

Vinit_Ajgaonkar

Nimbostratus

May 08, 2019

Hi Atoth,

Modifying the client authentication in the SSL profile can allow for the VIP to be configured as both 1-way and 2-way.

However from a security standpoint it kind of nullifies the Cert based authentication becuase even users who dont pass the auth check can get through.

Client authentication options in ClientSSL profile are as below: 1. Require(Strict and requires client cert authentication) 2. Request(Not strict for client cert authentication for the ssl session to be established) 3. Ignore(Default)

Regards, Vinit

Forum Discussion

Is it possible to do both 1 way AND 2 way SSL on a single VIP?

Recent Discussions

AS3 Deployments (shared objects)

Inquiry on F5's Maintenance Mode Feature for Pool Members

F5Access | MacOS Sonoma

Ansible modules for F5OS

VPN fragmented IP packets dropped

Related Content

Brute Force protection for single parameter like OTP

Single Node Persistence

single slot multiple core vs multiple slot single core

User roles per partition: are multiple possible?

BigIP VE - Multiple VLANs on single partition with single interface