Activate F5 product registration key
Verify the proper operation of your BIG-IP system
Get up to speed with free self-paced courses
Join the community of 250,000+ technical peers
Advance your career with F5 Certification
Product Manuals and Release notes
One of the functions of the SSL proxy is to handle encryption and decryption tasks that are normally performed by a web server as part of processing a client request. When configured as a client-side-only proxy, the proxy decrypts incoming requests before sending them on in plain text to the target server. When the SSL-to-Server feature is enabled, the proxy provides an additional level of security by re-encrypting the request before sending it on to the target server.
SSL proxy server-side re-encryption at the pool level allows you to override the re-encryption option for selected pools. This is useful for configurations that include a local pool that does not require server side re-encryption and a remote fallback pool that requires server-side re-encryption. In order for selective re-encryption to function correctly, the pool must be referenced by a proxy that has server-side re-encryption enabled. For information on setting up server-side re-encryption on a proxy, see the BIG-IP Reference Guide.
Follow these steps to configure SSL server-side re-encryption on a pool using the Configuration utility. SSL server-side re-encryption is enabled by default.
The serverssl option enables and disables the server-side re-encryption feature for the pool being defined. SSL re-encryption is enabled by default for all server-side connections. If this option is set to disable, server-side re-encryption is disabled on the target pool even when server-side re-encryption is enabled on the proxy.
To configure server-side re-encryption for a pool from the command line, type the bigpipe pool command, using the appropriate arguments, as follows:
bp pool <pool_name> serverssl <enable | disable>
To view the status of server-side re-encryption for a pool from the command line, type the following bigpipe pool command:
bp pool <pool_name> serverssl show