F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP System: SSL Administration
  3. SSL Traffic Management
Manual Chapter : SSL Traffic Management

Applies To:

Show Versions Show Versions
Manual Chapter

SSL Traffic Management

Create a custom Client SSL profile

You create a custom Client SSL profile when you want the BIG-IP system to terminate client-side SSL traffic for the purpose of decrypting client-side ingress traffic and encrypting client-side egress traffic. By terminating client-side SSL traffic, the BIG-IP system offloads these decryption/encryption functions from the destination server. When you perform this task, you can specify multiple certificate key chains, one for each key type (RSA, DSA, and ECDSA). This allows the BIG-IP system to negotiate secure client connections using different cipher suites based on the client's preference.
At a minimum, you must specify a certificate key chain that includes an RSA key pair. Specifying certificate key chains for DSA and ECDSA key pairs is optional, although highly recommended.
  1. On the Main tab, click
    Local Traffic
    Profiles
    SSL
    Client
    .
    The Client SSL profile list screen opens.
  2. Click
    Create
    .
    The New Client SSL Profile screen opens.
  3. In the
    Name
     field, type a unique name for the profile.
  4. From the
    Parent Profile
     list, select
    clientssl
    .
  5. Select the
    Custom
     check box.
    The settings become available for change.
  6. From the
    Configuration
     list, select
    Advanced
    .
  7. For the
    Mode
     setting, select the
    Enabled
     check box.
  8. For the
    Certificate Key Chain
     setting, click
    Add
    .
    1. From the
      Certificate
       list, select a certificate name.
      This is the name of a certificate that you installed on the BIG-IP system. If you have not generated a certificate request nor installed a certificate on the BIG-IP system, and the BIG-IP system is not part of a device service clustering (DSC) configuration, you can specify the name of the existing certificate named
      default
      .
      If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default certificate name, and ensure that this same certificate name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
    2. From the
      Key
       list, select the name of the key associated with the certificate specified in the previous step.
      This is the name of a key that you installed on the BIG-IP system. If you have not installed a key on the BIG-IP system, and the BIG-IP system is not part of a device service clustering (DSC) configuration, you can specify the name of the existing key named
      default
      .
      If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default key name, and ensure that this same key name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
    3. From the
      Chain
       list, select the chain that you want to include in the certificate key chain.
      A certificate chain can contain either a series of public key certificates in Privacy Enhanced Mail (PEM) format or a series of one or more PEM files. A certificate chain can contain certificates for Intermediate certificate Authorities (CAs).
      The default self-signed certificate and the default CA bundle certificate are not appropriate for use as a certificate chain.
    4. For the
      Passphrase
       field, type a string that enables access to SSL certificate/key pairs that are stored on the BIG-IP system with password protection.
      This setting is optional. For added security, the BIG-IP system automatically encrypts the pass phrase itself. This pass phrase encryption process is invisible to BIG-IP system administrative users.
    5. Click
      Add
      .
  9. In the
    Certificate Key Chain
     setting, click
    Add
     again, and repeat the process for all certificate key chains that you want to specify.
    At a minimum, you must specify an RSA certificate key chain.
    The result is that all specified key chains appear in the text box.
  10. The
    OCSP Stapling
     setting allows you to select an SSL Online Certificate Status Protocol (OCSP) stapling profile which contains various OCSP stapling parameters. By default this setting is disabled. To enable OCSP stapling, select the
    OCSP Stapling
     check box.
    To enable OCSP stapling, you must first create an OCSP Stapling profile. See
    Creating an OCSP stapling profile
     for detailed steps.
  11. If you want to
    Notify Certificate Status to Virtual Server
    , select the check box.
    This setting is used to communicate SSL certificate revocation status to the virtual server. This is typically implemented in conjunction with an OCSP stapling configuration.
  12. The
    Ciphers
     setting is optional. By default, the Client SSL profile uses the DEFAULT cipher string. In most cases, the DEFAULT cipher string is appropriate, but you can customize it as necessary to meet the security and performance needs of your site. Specify a cipher group or cipher string by choosing one of these options.
    If you specified an ECDSA certificate key chain in the
    Certificate Key Chain
     setting, you must include the cipher string
    ECDHE_ECDSA
     in the cipher group or cipher string that you specify in the
    Ciphers
     setting. (At a minimum, you should specify a cipher group or string such as
    DEFAULT:ECDHE_ECDSA
    .) This is necessary to ensure successful cipher negotiation when the BIG-IP system is offered an ECDSA-based certificate only.
    Option
    Description
    Cipher Group
    Select an existing cipher group from the list when you want to use a system-defined or custom cipher group to define the ciphers that the BIG-IP system uses for negotiating SSL connections. Here's an example of the
    Ciphers
     setting where we've selected a custom cipher group that we created earlier.
    Cipher String
    Type a cipher string in the box if you want to manually specify a cipher string instead of selecting a cipher group. For security and performance reasons, consider following these recommendations:
    • Always append ciphers to the
      DEFAULT
       cipher string.
    • Type a cipher string that includes the ECC key type, because its shorter length speeds up encryption and decryption while still offering virtually the same level of security.
    • Disable ADH ciphers but also include the keyword
      HIGH
      . To do this, just include both
      !ADH
       and
      :HIGH
       in your cipher string.
    • For AES, DES, and RC4 encryption types, make sure you specify the DHE key exchange method. DHE uses
      Forward Privacy
      , which creates a key that it throws away after each session so that the same session key never gets used twice. When you use DHE, make sure that the SSL private key isn't being shared with a monitoring system or a security device like an intrusion detection or prevention system. Also, diagnostic tools like
      ssldump
       won't work when you're using Forward Secrecy.
    • Disable EXPORT ciphers by including
      !EXPORT
       in the cipher string.
    • If you can live with removing support for the SSLv3 protocol version, do it. This protocol version is not secure. Simply include
      :!SSLv3
       in any cipher string you type.
    Here's an example of the
    Ciphers
     setting where we have opted to manually type the cipher string
    DEFAULT:ECDHE-RSA-AES-128-GCM-SHA256:!ADH:!EXPORT:HIGH
    :
  13. When enabled, the
    Options
     setting, references the Options List setting, which are industry standard SSL options and workarounds use for handling SSL processing. The default setting is All Options Disabled. By default, TLSv1.3 is disabled in this configuration.
  14. The
    Options List
     setting provides selection from a set of industry standard SSL options and workarounds for handling SSL processing.
  15. The
    Data 0-RTT
     setting when Enabled, specifies that you can initiate a server connection for early data so to receive the benefits of early data delivered to the server-side early. The default value is Disabled.
  16. When the
    Proxy SSL
     setting is enabled, the client can directly authenticate with the server, and the server can authenticate with the client, based on the client certificate presented. In a typical setup, with the BIG-IP system in the middle, the client and server cannot communicate directly to authenticate each other. The Proxy SSL setting requires both a Client SSL profile and a Server SSL profile, and you must enable the setting in both profiles. For information about the Proxy SSL setting, refer to the following resources:
    2. The
      Implementing Proxy SSL on a Single BIG-IP system
       chapter in this guide.
  17. The
    Proxy SSL Passthrough
     setting allows Proxy SSL to pass traffic when the cipher suite negotiated between client and server is not supported. Disabled by default. If you enable it, you should enable this setting on the server SSL profile as well.
  18. The
    ModSSL Methods
     setting enables or disables ModSSL method emulation. Disabled (cleared) by default. Enable this setting when OpenSSL methods are inadequate. For example, enable it when you want to use SSL compression over TLSv1. When you enable this setting, you can then write an iRule, using the
    HTTP::header insert_modssl_fields
     command, which inserts some of the ModSSL options as headers into HTTP requests. See
    ModSSL options for use with iRules
     section of the
    Additional SSL Profile Configuration Options
     chapter in this guide.
  19. The
    Cache Size
     setting specifies the maximum number of SSL sessions allowed in the SSL session cache. The default value for Cache Size is 262144 sessions. A value of
    0
     disallows session caching.
  20. The
    Cache Timeout
     setting specifies the number of seconds that the system allows SSL sessions to remain in the SSL session cache before removing them. The default value for Cache Timeout is 3600 seconds. The range of values configurable for Cache Timeout is between 0 and 86400 seconds inclusive.
    Longer cache timeout periods can increase the risk of SSL session hijacking.
  21. The
    Alert Timeout
     setting specifies the duration that the system tries to close an SSL connection by transmitting an alert or initiating an unclean shutdown before resetting the connection. Select Indefinite to specify that the connection should not be reset after transmitting an alert or initiating an unclean shutdown. The BIG-IP system sends an RST once the Alert Timeout value has been reached, forcefully aborting the connection early and reducing the amount of data transferred between the peer system and the BIG-IP system. The Immediate value makes the BIG-IP system reset both client and server side flows after 1/1000 seconds.
  22. The
    Handshake Timeout
     setting specifies the number of seconds that the system tries to establish an SSL connection before terminating the operation. Selecting Indefinite specifies that the system continues trying to establish a connection for an unlimited time.
  23. Configure the
    Renegotiation
     setting to control if the virtual server allows midstream session renegotiation. When enabled (default), Renegotiation allows the BIG-IP system to process midstream SSL renegotiation requests. When disabled, the system either terminates the connection or ignores the request, depending on system configuration. See
    Additional SSL Profile Configuration Options
     chapter in this guide for more details.
  24. The
    Renegotiation Period
     setting indicates the amount of time before the system renegotiates the SSL session after the initial connection. If you set it to Indefinite (default), the system does not renegotiate the SSL session.
  25. The
    Renegotiation Size
     setting indicates the amount of application data in megabytes the system must receive from the time of initial connection before it renegotiates the SSL session. If set to Indefinite (default), the system does not renegotiate the SSL session.
  26. The
    Renogotiate Max Record Delay
     setting indicates the number of SSL records allowed during the SSL renegotiation before the system terminates the connection. If set to Indefinite, the system allows an unlimited number.
  27. The
    Secure Renegotiation
     setting specifies the method of secure renegotiation for SSL connections. The default value for the Client SSL profile is
    Require
    . The values for the Secure Renegotiation setting in the Client SSL profile are as follows:
    1. Request
      : Specifies that the system requests secure renegotiation of SSL connections.
    2. Require
      : Specifies that the system requires secure renegotiation of SSL connections. In this mode, the system permits initial SSL handshakes from clients but terminates renegotiations from clients that do not support secure renegotiation.
    3. Require Strict
      : Specifies that the system requires strict, secure renegotiation of SSL connections. In this mode, the system denies initial SSL handshakes from clients that do not support secure renegotiation.
  28. The
    Max Renegotiation
     setting specifies the maximum number of SSL renegotiation attempts per connection that the system can receive in one minute before renegotiating an SSL session. For example, one client with three connections may have a maximum number of SSL renegotiation attempts equal to three times the configured Max Renegotiation value. After the system receives this number of SSL renegotiation records, it closes the connection. This setting applies to client profiles only. The default value is 5.
  29. The
    Max Aggregate Renegotiation
     setting specifies the maximum number of aggregated SSL renegotiation records that the system can receive before renegotiating an SSL session. After the system receives this number of aggregated SSL renegotiation records, it closes the connection. This setting applies to client profiles only. The default value is Indefinite.
  30. The
    Server Name
     setting specifies the fully qualified DNS hostname of the server, or a wildcard string containing the asterisk (*) character to match multiple names, used in the TLS SNI connection. There is no default value for this setting. For information about configuring the TLS SNI feature on the BIG-IP system, see K13452: Configuring a virtual server to serve multiple HTTPS sites using TLS Server Name Indication feature.
  31. When enabled, the
    Default SSL Profile for SNI
     setting indicates that the system should use the profile as the default SSL profile when there is no match to the server name or when the client does not support TLS SNI extension. This setting is disabled by default. For information about configuring the TLS SNI feature on the BIG-IP system, see K13452: Configuring a virtual server to serve multiple HTTPS sites using TLS Server Name Indication feature.
  32. When enabled, the
    Require Peer SNI Support
     setting requires that the client support the TLS SNI extension; otherwise, the BIG-IP system disconnects the client connection with a fatal alert. This setting is disabled by default.
  33. The
    Unclean Shutdown
     setting allows the BIG-IP system to perform an unclean shutdown of SSL connections by closing the underlying TCP connection without sending the SSL close notify alerts. By default, this setting is enabled (selected) and is useful for certain browsers that handle SSL shutdown alerts differently. For example, some versions of Internet Explorer require SSL shutdown alerts from the server while other versions do not, and the SSL profile cannot always detect this requirement. In the case where the browser expects a shutdown alert but the SSL profile has not exchanged one (the default setting), the browser displays an error message.
  34. The
    Strict Resume
     setting enables or disables the resumption of SSL sessions after an unclean shutdown.
  35. The BIG-IP SSL profiles support the stateless TLS session resumption mechanism as described in Internet Engineering Task Force (RFC 5077) . This mechanism allows the BIG-IP system to encapsulate the TLS session state as a ticket to the client and allows the client to subsequently resume a TLS session using the same ticket. Disabled (cleared) by default.
  36. The
    Session Ticket Timeout
     setting specifies the timeout for the session ticket. The default is 0 seconds, which means the system uses the cache timeout.
  37. The
    Session Mirroring
     setting enables or disables the mirroring of SSL session ID data to a high-availability peer. The default setting is Disabled, preventing the system from mirroring SSL session ID data.
  38. When enabled (default), the
    Generic Alert
     setting causes the system to send all SSL alerts using a generic handshake failure message. When the setting is disabled, the system sends more specific SSL alert messages.
  39. The
    Non SSL Connections
     setting enables or disables acceptance of non-SSL connections.
  40. The
    Allow Dynamic Record Sizing
     setting allows a TLS performance improvement preventing buffering and delay of TLS record fragment delivery. The BIG-IP system dynamically adjusts the size of TLS records based on the state of the connection. The disabled by default.
  41. The
    Maximum Record Size
     setting specifies the profile's maximum record size. Set to enabled when you want to allow dynamic record sizing. The range is 128 - 16384. The default setting is 16384.
  42. The
    SSL Sign Hash
     setting specifies the hash algorithm that the BIG-IP system uses to sign server key exchanges with the Diffie-Hellman (DHE), including Elliptic Curve (ECDHE) ciphers, and for certificate verify messages. Possible choices are SHA1, SHA256, SHA384, or Any. When you select Any, you authorize the system to choose any one of the hash algorithms. The BIG-IP system respects the client signature_algorithms extension as defined in TLS 1.2. When possible, the BIG-IP system prefers SHA256 in the handshake signature based on the content of the signature_algorithms extension. The BIG-IP system further upgrades the hash algorithm to Hash SHA384 from SHA256 when P-384 is used. The BIG-IP system attempts to avoid the use of SHA1 in a TLS handshake, except in the case when signatures are used in X.509 certificates (these signatures are created by the X.509 Certificate Authority). The only time the BIG-IP system uses the SHA1 handshake signature is when an RSA key is used and the signature_algorithms extension is missing or - signature_algorithms is present and only lists SHA1.
  43. The
    Peer No-renegotiate Timeout
     setting specifies the number of seconds the system waits before resetting the connection to peer systems that do not renegotiate SSL sessions. The default is 10.
  44. The
    Max Active Handshakes
     setting limits the number of concurrent SSL handshakes. When the number of active SSL handshakes reaches the specified limit, the system terminates the most recent SSL handshake. The default setting is Indefinite, which means that there is no limit.
  45. For information about using the SSL Forward Proxy feature, refer to the
    Implementing SSL Forward Proxy on a Single BIG-IP system
     chapter of the SSL Administration guide.
  46. In the
    Client Authentication
     section, the
    Client Certificate
     setting enables and disables client certificate authentication. The possible options for this setting are:
    1. Ignore
      : The Ignore setting is the default setting. It disables Client Certificate Authentication. The BIG-IP system ignores any certificate presented and does not authenticate the client before establishing the SSL session.
    2. Request
      : The Request setting enables optional Client Certificate Authentication. The BIG-IP system requests a client certificate and attempts to verify it. However, an SSL session is established regardless of whether a trusted CA presents a valid client certificate. The Request setting is often used in conjunction with iRules to provide selective access depending on the certificate presented. For example, this option is useful if you want to allow clients who present a certificate from the configured trusted CA to gain access to the application, while redirecting clients who do not provide the required certificate to a page that details the access requirements. However, if you are not using iRules to enforce a different outcome, depending on the certificate details, there is no functional benefit to using the Request setting instead of the default Ignore setting.
    3. Require
      : The Require setting enforces Client Certificate Authentication. The BIG-IP system requests a client certificate and attempts to verify it. The system establishes an SSL session only if a trusted CA presents a valid client certificate. Use the Require setting to restrict access to only clients that present a valid certificate from a trusted CA.
  47. The
    Frequency
     setting specifies the frequency of client authentication for an SSL session. The default value for this setting is once.
  48. The
    Retain Certificate
     is enabled by default. When this setting is disabled, the client certificate is not stored in an SSL session.
  49. The
    Certificate Chain Traversal Depth
     setting specifies the maximum number of certificates to be traversed in a client certificate chain. The default value is 9.
  50. The
    Trusted Certificate Authorities
     setting specifies a client CA that the system trusts. The default is
    None
    .
    1. None
      : Specifies that no CA is trusted for client-side processing.
    2. ca-bundle
      : Uses the ca-bundle.crt file, which contains all well-known public certificate authority (CA) certificates, for client-side processing.
    3. default
      : Specifies that the trusted CA for client-side processing is the default certificate on the system.
  51. The
    Advertised Certificate Authorities
     setting specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is None.
    1. None
      : Specifies that the system does not advertise any chain as being trusted.
    2. ca-bundle
      : Uses the ca-bundle.crt file, which contains all well-known public certificate authority (CA) certificates, for client-side processing.
    3. default
      : Specifies that the name of the certificate on the system is the default certificate name, which the system advertises as trusted.
  52. The
    CRL File
     setting allows you to specify a CRL that the BIG-IP system should use to check revocation status of a certificate prior to authenticating a client. If you want to use a CRL, you must import it to the BIG-IP system.
  53. The
    Allow Expired CRL File
     setting instructs the system to use the specified CRL file, even if it has expired. Disabled by default.
  54. The
    Client Certificate Constrained Delegation
     setting enables or disables the C3D feature. Using constrained delegation prevents users from having to provide credentials twice for certain authentication actions. For more information on this setting, refer to K72668381: Overview of the SSL Client Certificate Constrained Delegation feature article.
  55. The
    Client Fallback Certificate
     setting specifies the client SSL profile name of the certificate file that is used as the client certificate when the client does not send one during SSL handshake. You can click the + icon to open the create-new OCSP object screen.
  56. The
    OCSP
     setting specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP system's SSL should use to connect to the OCSP responder and check the client certificate status. You can click the + icon to open the create-new SSL Certifcate screen.
  57. The
    Unknown OCSP Response Control
     setting specifies the action the system takes when the OCSP object returns an unknown status. The default value is Drop, which causes the connection to be dropped. Selecting Ignore causes the connection to ignore the unknown status and continue.
  58. In the
    Logging
     section, the
    Log Publisher
     setting specifies the defined Log Publisher for the system to use for logging information.
  59. Click
    Finished
    .
After performing this task, you can see the custom Client SSL profile in the list of Client SSL profiles on the system.
To use this profile, you must assign it to a virtual server. See
Assigning SSL profiles to a virtual server
 for detailed information.

Create a custom Server SSL profile

With a Server SSL profile, the BIG-IP system can perform decryption and encryption for server-side SSL traffic.
  1. On the Main tab, click
    Local Traffic
    Profiles
    SSL
    Server
    .
    The Server SSL profile list screen opens.
  2. Click
    Create
    .
    The New Server SSL Profile screen opens.
  3. In the
    Name
     field, type a unique name for the profile.
  4. From the
    Parent Profile
     list, select
    serverssl
    .
  5. From the
    Configuration
     list, select
    Advanced
    .
  6. Select the
    Custom
     check box.
    The settings become available for change.
  7. From the
    Certificate
     list, select the name of an SSL certificate on the BIG-IP system.
    If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default certificate name, and ensure that this same certificate name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
  8. From the
    Key
     list, select the name of an SSL key on the BIG-IP system.
    If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default key name, and ensure that this same key name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
  9. In the
    Pass Phrase
     field, type a pass phrase that enables access to the certificate/key pair on the BIG-IP system.
  10. From the
    Chain
     list, select the name of an SSL chain on the BIG-IP system.
  11. The
    SSL Forward Proxy
     setting when Enabled, specifies that the system encrypts all traffic between a client and the BIG-IP system using one certificate, and encrypts all traffic between the BIG-IP system and the server using a different certificate. You must create both a Client SSL and a Server SSL profile, and enable SSL Forward Proxy and SSL Forward Proxy Bypass in both profiles.
  12. The
    SSL Forward Proxy Bypass
     setting when Enabled, specifies that SSL traffic that meets the criteria specified in the SSL Forward Proxy Bypass settings of the assigned Client SSL profile of the virtual server can bypass SSL forward proxy.
  13. The
    Bypass on Handshake Alert
     setting enables or disables SSL forward proxy bypass on receiving a
    handshake_failure
    ,
    protocol_version
    , or
    unsupported_extension
     alert message during the server-side SSL handshake. When this occurs, SSL traffic bypasses the BIG-IP system untouched, without decryption/encryption. The default is
    Disabled
    .
  14. The
    Bypass on Client Cert Failure
     setting enables or disables SSL forward proxy bypass on failing to get client certificate that the server asks for. When this occurs, SSL traffic bypasses the BIG-IP system untouched, without decryption/encryption. The default is
    Disabled
    .
  15. The
    Verified Handshake
     setting when Enabled, specifies that in SSL forward proxy mode, the system should always do a TLS handshake with the server first before doing the client handshake. When Disabled, the system performs the server handshake first only if it has not previously forged and cached the server certificate; once the server certificate is ready, the system always perform a handshake first with the client. The default value is Disabled.
  16. The
    Ciphers
     setting is optional. By default, the Client SSL profile uses the DEFAULT cipher string. In most cases, the DEFAULT cipher string is appropriate, but you can customize it as necessary to meet the security and performance needs of your site. Specify a cipher group or cipher string by choosing one of these options.
    If you specified an ECDSA certificate key chain in the
    Certificate Key Chain
     setting, you must include the cipher string
    ECDHE_ECDSA
     in the cipher group or cipher string that you specify in the
    Ciphers
     setting. (At a minimum, you should specify a cipher group or string such as
    DEFAULT:ECDHE_ECDSA
    .) This is necessary to ensure successful cipher negotiation when the BIG-IP system is offered an ECDSA-based certificate only.
    Option
    Description
    Cipher Group
    Select an existing cipher group from the list when you want to use a system-defined or custom cipher group to define the ciphers that the BIG-IP system uses for negotiating SSL connections. Here's an example of the
    Ciphers
     setting where we've selected a custom cipher group that we created earlier.
    Cipher String
    Type a cipher string in the box if you want to manually specify a cipher string instead of selecting a cipher group. For security and performance reasons, consider following these recommendations:
    • Always append ciphers to the
      DEFAULT
       cipher string.
    • Type a cipher string that includes the ECC key type, because its shorter length speeds up encryption and decryption while still offering virtually the same level of security.
    • Disable ADH ciphers but also include the keyword
      HIGH
      . To do this, just include both
      !ADH
       and
      :HIGH
       in your cipher string.
    • For AES, DES, and RC4 encryption types, make sure you specify the DHE key exchange method. DHE uses
      Forward Privacy
      , which creates a key that it throws away after each session so that the same session key never gets used twice. When you use DHE, make sure that the SSL private key isn't being shared with a monitoring system or a security device like an intrusion detection or prevention system. Also, diagnostic tools like
      ssldump
       won't work when you're using Forward Secrecy.
    • Disable EXPORT ciphers by including
      !EXPORT
       in the cipher string.
    • If you can live with removing support for the SSLv3 protocol version, do it. This protocol version is not secure. Simply include
      :!SSLv3
       in any cipher string you type.
    Here's an example of the
    Ciphers
     setting where we have opted to manually type the cipher string
    DEFAULT:ECDHE-RSA-AES-128-GCM-SHA256:!ADH:!EXPORT:HIGH
    :
  17. When enabled, (
    Options List
    ) references the
    Options List
     setting, which are industry standard SSL options and workarounds for handling SSL processing. The default setting is
    All Options Disabled
    .
  18. The
    Options List
     setting provides selection from a set of industry standard SSL options and workarounds for handling SSL processing.
  19. The
    Data 0-RTT
     setting when Enabled, specifies that you can initiate a server connection for early data so to receive the benefits of early data delivered to the server-side early. The default value is Disabled.
  20. When the
    Proxy SSL
     setting is enabled, the client can directly authenticate with the server, and the server can authenticate with the client, based on the client certificate presented. In a typical setup, with the BIG-IP system in the middle, the client and server cannot communicate directly to authenticate each other. The Proxy SSL setting requires both a Client SSL profile and a Server SSL profile, and you must enable the setting in both profiles. For information about the Proxy SSL setting, refer to the following resources:
    2. The
      Implementing Proxy SSL on a Single BIG-IP system
       chapter in this guide.
  21. The
    Proxy SSL Passthrough
     setting allows Proxy SSL to pass traffic when the cipher suite negotiated between client and server is not supported. Disabled by default. If you enable it, you should enable this setting on the server SSL profile as well.
  22. The
    ModSSL Methods
     setting enables or disables ModSSL method emulation. Disabled (cleared) by default. Enable this setting when OpenSSL methods are inadequate. For example, enable it when you want to use SSL compression over TLSv1. When you enable this setting, you can then write an iRule, using the
    HTTP::header insert_modssl_fields
     command, which inserts some of the ModSSL options as headers into HTTP requests. See
    ModSSL options for use with iRules
     section of the
    Additional SSL Profile Configuration Options
     chapter in this guide.
  23. The
    Cache Size
     setting specifies the maximum number of SSL sessions allowed in the SSL session cache. The default value for Cache Size is 262144 sessions. A value of
    0
     disallows session caching.
  24. The
    Cache Timeout
     setting specifies the number of seconds that the system allows SSL sessions to remain in the SSL session cache before removing them. The default value for Cache Timeout is 3600 seconds. The range of values configurable for Cache Timeout is between 0 and 86400 seconds inclusive.
    Longer cache timeout periods can increase the risk of SSL session hijacking.
  25. The
    Alert Timeout
     setting specifies the duration in time for the system to try to close an SSL connection before resetting the connection. The default is Indefinite.
    1. Specify
      : Specifies the number of seconds for the system to wait before resetting the connection.
    2. Indefinite
      : Specifies that the connection does not time out.
    3. Immediate
      : Specifies that the connection times out immediately.
  26. The
    Handshake Timeout
     setting specifies the number of seconds that the system tries to establish an SSL connection before terminating the operation. Selecting Indefinite specifies that the system continues trying to establish a connection for an unlimited time.
  27. Configure the
    Renegotiation
     setting to control if the virtual server allows midstream session renegotiation. When enabled (default), Renegotiation allows the BIG-IP system to process midstream SSL renegotiation requests. When disabled, the system either terminates the connection or ignores the request, depending on system configuration. See
    Additional SSL Profile Configuration Options
     chapter in this guide for more details.
  28. The
    Renegotiation Period
     setting indicates the amount of time before the system renegotiates the SSL session after the initial connection. If you set it to Indefinite (default), the system does not renegotiate the SSL session.
  29. The
    Renegotiation Size
     setting indicates the amount of application data in megabytes the system must receive from the time of initial connection before it renegotiates the SSL session. If set to Indefinite (default), the system does not renegotiate the SSL session.
  30. The
    Secure Renegotiation
     setting specifies the method of secure renegotiation for SSL connections. The default value for the Client SSL profile is
    Require
    . The values for the Secure Renegotiation setting in the Client SSL profile are as follows:
    1. Request
      : Specifies that the system requests secure renegotiation of SSL connections.
    2. Require
      : Specifies that the system requires secure renegotiation of SSL connections. In this mode, the system permits initial SSL handshakes from clients but terminates renegotiations from clients that do not support secure renegotiation.
    3. Require Strict
      : Specifies that the system requires strict, secure renegotiation of SSL connections. In this mode, the system denies initial SSL handshakes from clients that do not support secure renegotiation.
  31. The
    Server Name
     setting specifies the fully qualified DNS hostname of the server, or a wildcard string containing the asterisk (*) character to match multiple names, used in the TLS SNI connection. There is no default value for this setting. For information about configuring the TLS SNI feature on the BIG-IP system, see K13452: Configuring a virtual server to serve multiple HTTPS sites using TLS Server Name Indication feature.
  32. When enabled, the
    Default SSL Profile for SNI
     setting indicates that the system should use the profile as the default SSL profile when there is no match to the server name or when the client does not support TLS SNI extension. This setting is disabled by default. For information about configuring the TLS SNI feature on the BIG-IP system, see K13452: Configuring a virtual server to serve multiple HTTPS sites using TLS Server Name Indication feature.
  33. When enabled, the
    Require Peer SNI Support
     setting requires that the client support the TLS SNI extension; otherwise, the BIG-IP system disconnects the client connection with a fatal alert. This setting is disabled by default.
  34. The
    Unclean Shutdown
     setting allows the BIG-IP system to perform an unclean shutdown of SSL connections by closing the underlying TCP connection without sending the SSL close notify alerts. By default, this setting is enabled (selected) and is useful for certain browsers that handle SSL shutdown alerts differently. For example, some versions of Internet Explorer require SSL shutdown alerts from the server while other versions do not, and the SSL profile cannot always detect this requirement. In the case where the browser expects a shutdown alert but the SSL profile has not exchanged one (the default setting), the browser displays an error message.
  35. The
    Strict Resume
     setting enables or disables the resumption of SSL sessions after an unclean shutdown.
  36. The BIG-IP SSL profiles support the stateless TLS session resumption mechanism as described in Internet Engineering Task Force (RFC 5077) . This mechanism allows the BIG-IP system to encapsulate the TLS session state as a ticket to the client and allows the client to subsequently resume a TLS session using the same ticket. Disabled (cleared) by default.
  37. The
    Session Mirroring
     setting enables or disables the mirroring of SSL session ID data to a high-availability peer. The default setting is Disabled, preventing the system from mirroring SSL session ID data.
  38. When enabled (default), the
    Generic Alert
     setting causes the system to send all SSL alerts using a generic handshake failure message. When the setting is disabled, the system sends more specific SSL alert messages.
  39. The
    SSL Sign Hash
     setting specifies the hash algorithm that the BIG-IP system uses to sign server key exchanges with the Diffie-Hellman (DHE), including Elliptic Curve (ECDHE) ciphers, and for certificate verify messages. Possible choices are SHA1, SHA256, SHA384, or Any. When you select Any, you authorize the system to choose any one of the hash algorithms. The BIG-IP system respects the client signature_algorithms extension as defined in TLS 1.2. When possible, the BIG-IP system prefers SHA256 in the handshake signature based on the content of the signature_algorithms extension. The BIG-IP system further upgrades the hash algorithm to Hash SHA384 from SHA256 when P-384 is used. The BIG-IP system attempts to avoid the use of SHA1 in a TLS handshake, except in the case when signatures are used in X.509 certificates (these signatures are created by the X.509 Certificate Authority). The only time the BIG-IP system uses the SHA1 handshake signature is when an RSA key is used and the signature_algorithms extension is missing or - signature_algorithms is present and only lists SHA1.
  40. The
    Max Active Handshakes
     setting limits the number of concurrent SSL handshakes. When the number of active SSL handshakes reaches the specified limit, the system terminates the most recent SSL handshake. The default setting is Indefinite, which means that there is no limit.
  41. In the
    Server Authentication
     section, the
    Server Certificate
     specifies how the system handles server certificates. The possible options for this setting are:
    1. Ignore
      : The Ignore setting is the default setting. The BIG-IP system ignores certificates from the server and never authenticate the server.
    2. Require
      : The Require setting enforces server authentication. The BIG-IP system requires the server to present a valid certificate before establishing the SSL session. A blank
      Authenticate Name
       setting indicates that all servers are authenticated, even though you have specified
      Require
       as the
      Server Certificate
       setting.
  42. The
    Expire Certificate Response Control
     setting specifies how the system handles SSL connections when the server certificate expires. The default value for this setting is
    drop
    , which causes the SSL connection to be dropped. Conversely, configuring this setting to
    ignore
     causes the system to ignore the expired server certificate and proceed with establishing the connection.
  43. The
    Untrusted Certificate Response Control
     setting specifies how the system handles SSL connections when the server certificate has an untrusted CA. The default value for this setting is
    drop
    , which causes the SSL connection to be dropped. Conversely, configuring this setting to
    ignore
     causes the system to ignore the untrusted CA and proceed with establishing the connection.
  44. The
    Revoke Certificate Status Response Control
     setting takes effect when the
    Server Certificate
     setting is set to
    require
    . This setting specifies how the system handles SSL connections from clients when the server certificate status is revoked. The default value for this setting is
    drop
    . However in BIG-IP 16.1.0, the default value is
    ignore
     if the server SSL profile is enabled with ssl-forward-proxy; this is due to ID 911777. When the value is
    drop
    , the system drops SSL connections from clients when the server certificate status is revoked. When the value is
    ignore
    , the system ignores the revoked server certificate status and allows the SSL connection by forging a unique server certificate with revoked status to send to the client. When the value is
    mask
    , the system masks the server certificate status error and continues the SSL handshake with the client. This setting is typically used in SSL forward proxy configuration with certificate status service enabled such as an SSL Orchestrator L3 Outbound deployment with a local OCSP responder. For more information, refer to K65136200: Overview of the local OCSP responder feature for F5 SSL Orchestrator.
  45. The
    Unknown Certificate Status Response Control
     setting takes effect when the
    Server Certificate
     setting is set to
    require
    . This setting specifies how the system handles SSL connections from clients when the server certificate status is unknown. The default value for this setting is
    ignore
    . When the value is
    ignore
    , the system ignores the unknown server certificate status and allows the SSL connection by forging a unique server certificate with unknown status to send to the client. When the value is
    mask
    , the system masks the server certificate status error and continues the SSL handshake with the client. When the value is
    drop
    , the system drops SSL connections from clients when the server certificate status is unknown. This setting is typically used in SSL forward proxy configuration with certificate status service enabled such as an SSL Orchestrator L3 Outbound deployment with a local OCSP responder. For more information, refer to K65136200: Overview of the local OCSP responder feature for F5 SSL Orchestrator.
  46. The
    Frequency
     setting specifies the frequency of server authentication for an SSL session. The default value for this setting is
    Once
    , which causes the system to authenticate the server for an SSL session only once. When you configure this setting to
    Always
    , the system authenticates the server for an SSL session and every subsequent reuse of the SSL session.
  47. The
    Retain Certificate
     setting when enabled, specifies that the server certificate is retained in SSL session. The default value is true (selected).
  48. The
    Certificate Chain Traversal Depth
     setting specifies the maximum number of certificates that the system traverses in a server certificate chain. The default value is
    9
    .
  49. The
    Authenticate Name
     setting specifies a Common Name (CN) that is iframed in a server certificate. The system authenticates a server based on the specified CN. There is no default value for this setting.
  50. The
    Trusted Certificate Authorities
     setting is optional. The system uses this setting to specify the CAs that the BIG-IP system trusts when verifying a server certificate. The default value for this setting is
    None
    , which causes the system to accept a server certificate signed by any CA. If you choose
    Require
     for the
    Server Certificate
     setting, you must specify a CA from the
    Trusted Certificate Authorities
     setting. The selected CA is trusted by the system when verifying a server certificate. The
    ca-bundle
     certificate may be appropriate for use as a Trusted Certificate Authorities certificate bundle. However, if this bundle is specified as the Trusted Certificate Authorities certificate store, any valid server certificate that is signed by one of the popular root CAs included in the default
    ca-bundle.crt
     is authenticated. This provides some level of identification, but very little access control because almost any valid server certificate could be authenticated.
    If you want to trust only a server certificate that has been signed by a private PKI or set of private PKIs, F5 recommends that you create and install a custom certificate bundle that contains the private PKI certificates, including the CA that directly signed your servers' certificates. You can then choose the new certificate bundle in the
    Trusted Certificate Authorities
     setting. For information about creating a custom certificate bundle, refer to K13302: Configuring the BIG-IP system to use an SSL chain certificate (11.x - 16.x).
  51. The
    OCSP
     setting specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP system's SSL should use to connect to the OCSP responder and check the client certificate status. You can click the + icon to open the create-new OCSP object screen.
  52. The
    CRL
     setting specifies the SSL client certificate constrained delegation CRL object that the BIG-IP system's SSL should use. You can click the + icon to open the create-new CRL object screen.
  53. The
    Certificate Revocation List (CRL)
     or
    CRL File
     setting allows you to specify a CRL that the BIG-IP system should use to check revocation status of a certificate before the system authenticates a server. If you want to use a CRL, you must import it to the BIG-IP system. You can then choose the name of the CRL file using the
    Certificate Revocation List (CRL)
     or
    CRL File
     setting. For information about importing an SSL CRL file, refer to K14620: Managing SSL certificates for BIG-IP systems using the Configuration utility. Because CRLs can quickly become outdated, F5 recommends that you use either OCSP or CRLDP profiles for more robust and current verification functionality.
  54. The
    Allow Expired CRL
     setting instructs the system to use the specified CRL file, even if it has expired. Disabled by default.
  55. The
    Client Certificate Constrained Delegation
     setting enables or disables SSL Client certificate constrained delegation.
  56. The
    CA Certificate
     setting specifies the name of the certificate file that is used as the certification authority certificate. The certificate should be generated and installed by you on the system.
  57. The
    CA Key
     setting specifies the name of the key file that is used as the certification authority key. The key should be generated and installed by you on the system.
  58. The
    CA Passphrase
     setting specifies the passphrase of the key file that is used as the certification authority key.
  59. The
    Confirm CA Passphrase
     setting confirms the
    CA Passphrase
     you specified.
  60. The
    Certificate Lifespan
     setting specifies the lifespan of the certificate generated using the SSL client certificate constrained delegation. The default is
    1
     day,
    0
     hours.
  61. The
    Certificate Extensions
     setting specifies the extensions of the client certificates to be included in the generated certificates.
    1. Basic Constraints
      : Uses basic constraints to indicate whether the certificate belongs to a CA.
    2. Extended Key Usage
      : Uses Extended Key Usage, typically on a leaf certificate, to indicate the purpose of the public key contained in the certificate.
    3. Key Usage
      : Provides a bitmap specifying the cryptographic operations that may be performed using the public key contained in the certificate. For example, it may indicate that the key should be used for signature but not for encoding.
    4. Subject Alternative Name
      : Allows identities to be bound to the subject of the certificate. These identities may be included in addition to, or in place of, the identity in the subject of the certificate.
  62. The
    Certificate Extensions List
     setting provides the list of enabled extensions and a list of available extension. When you disable an extension in the
    Enabled Extensions
     list, it moves to the
    Available Extensions
     list. When you enable an extension in the
    Available Extensions
     list, it moves to the
    Enabled Extensions
     list. You can also specify a
    Custom Extension
     representing the OID of the client certificates to be included in the generated certificates.
  63. In the
    Logging
     section, the
    Log Publisher
     setting specifies the defined Log Publisher for the system to use for logging information.
  64. Click
    Finished
    .
After performing this task, you can see the custom Server SSL profile in the list of Server SSL profiles on the system.
By default, TLSv1.3 is disabled in this configuration.
To use this profile, you must assign it to a virtual server. See the
Assigning SSL profiles to a virtual server
 section for detailed information.

Create a custom Client SSL profile that supports SM2

You create a custom Client SSL profile when you want the BIG-IP® system to terminate client-side SSL traffic for the purpose of decrypting client-side ingress traffic and encrypting client-side egress traffic. By terminating client-side SSL traffic, the BIG-IP system offloads these decryption/encryption functions from the destination server. When you perform this task, you can specify multiple certificate key chains, one for each key type (RSA, DSA, and ECDSA). This allows the BIG-IP system to negotiate secure client connections using different cipher suites based on the client's preference.
F5 has added SM2, SM3, and SM4 Cryptographic Algorithm support for the Chinese market. The algorithms were independently developed by the China State Cryptography Administration, where SM2 is the public key algorithm, SM3 is the hash algorithm, and SM4 is the block cipher algorithm. SM2 is based on the Elliptic Curve Discrete Logarithm Problem (ECDLP). Also see the following sections for details importing, exporting, and managing a certificate and key with SM2 license.
Before you create a customer Client SSL profile that supports SM2, create an SM2 cipher rule and cipher group.
  1. Create an SM2 Cipher Rule
  2. On the Main tab, click
    Local Traffic
    Ciphers
    Rules
    .
    The Ciphers Rules screen opens.
  3. Click
    Create
    .
    The New Cipher Rule screen opens.
  4. In the
    Name
     field, type a unique name for your SM2 cipher rule.
  5. In the
    Cipher Suites
     field, type the following cipher suites string:
    ECC-SM4-SM3
  6. In the
    DH Groups
     field, type the following DH groups string:
    SM2P256
  7. In the
    Signature Algorithms
     field, type the following signature algorithm string:
    SM2-SM3
  8. Click
    Finished
    . You are now ready to create a cipher group.
  9. Create an SM2 Cipher Group
  10. On the Main tab, click
    Local Traffic
    Ciphers
    Groups
    .
    The Ciphers Groups screen opens.
  11. Click
    Create
    .
    The New Cipher Group screen opens.
  12. In the
    Name
     field, type a unique name for your SM2 cipher group.
  13. In the
    Group Details
     area, select the check box next to the SM2 cipher rule from the
    Available Rules
     list.
  14. Select the arrows next to the
    Allow the following
     field to move the selected SM2 cipher rule to this field.
  15. Click
    Finished
    . You are now ready to create your custom Client SSL profile that supports SM2.
  16. Create a Custom Client SSL Profile that supports SM2
  17. On the Main tab, click
    Traffic
    Profiles
    SSL
    Client
    .
    he Client SSL profile list screen opens.
  18. Click
    Create
    .
    The New Client SSL Profile screen opens.
  19. In the
    Name
     field, type a unique name for the profile.
  20. From the
    Parent Profile
     list, select
    clientssl
    .
  21. Select the
    Custom
     check box.
    The settings become available for change.
  22. From the
    Configuration
     list, select
    Advanced
    .
  23. For the
    Mode
     setting, select the
    Enabled
     check box.
  24. or the
    Certificate Key Chain
     setting, click
    Add
    . For SM2 client profile, select
    SM2
     file type from the Certificate, Key, and Chain lists.
    1. From the
      Certificate
       list, select a certificate name. // This is the name of a certificate that you installed on the BIG-IP system. If you have not generated a certificate request nor installed a certificate on the BIG-IP system, and the BIG-IP system is not part of a device service clustering (DSC) configuration, you can specify the name of the existing certificate named default. // Important: If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default certificate name, and ensure that this same certificate name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
    2. From the
      Key
       list, select the name of the key associated with the certificate specified in the previous step. // This is the name of a key that you installed on the BIG-IP system. If you have not installed a key on the BIG-IP system, and the BIG-IP system is not part of a device service clustering (DSC) configuration, you can specify the name of the existing key named default. // Important: If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default key name, and ensure that this same key name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
    3. From the
      Chain
       list, select the chain that you want to include in the certificate key chain. // A certificate chain can contain either a series of public key certificates in Privacy Enhanced Mail (PEM) format or a series of one or more PEM files. A certificate chain can contain certificates for Intermediate certificate Authorities (CAs). // Note: The default self-signed certificate and the default CA bundle certificate are not appropriate for use as a certificate chain.
    4. For the
      Passphrase
       field, type a string that enables access to SSL certificate/key pairs that are stored on the BIG-IP system with password protection. // This setting is optional. For added security, the BIG-IP system automatically encrypts the pass phrase itself. This pass phrase encryption process is invisible to BIG-IP system administrative users.
  25. Click
    Add
  26. For the
    Ciphers
     setting, specify a
    Cipher Group
     and select the existing
    SM2
     custom cipher group to define the ciphers that the BIG-IP system uses for negotiating SSL connections.
  27. For the
    Options List
     setting, select the following as Enabled Options:
    • GMSSLv1.1
    • No SSL
    • No TLS
    • No DTLS
  28. Click
    Finished
    .
After performing this task, you can see the custom Client SSL profile that supports SM2 in the list of Client SSL profiles on the system.

Create a custom Client SSL profile that supports C3D

You create a custom Client SSL profile when you want the BIG-IP system to terminate client-side SSL traffic for the purpose of decrypting client-side ingress traffic and encrypting client-side egress traffic. By terminating client-side SSL traffic, the BIG-IP system offloads these decryption/encryption functions from the destination server. When you perform this task, you can specify multiple certificate key chains, one for each key type (RSA, DSA, and ECDSA). This allows the BIG-IP system to negotiate secure client connections using different cipher suites based on the client's preference.
At a minimum, you must specify a certificate key chain that includes an RSA key pair. Specifying certificate key chains for DSA and ECDSA key pairs is optional, although highly recommended.
  1. On the Main tab, click
    Local Traffic
    Profiles
    SSL
    Client
    .
    The Client SSL profile list screen opens.
  2. Click
    Create
    .
    The New Client SSL Profile screen opens.
  3. In the
    Name
     field, type a unique name for the profile.
  4. From the
    Parent Profile
     list, select
    clientssl
    .
  5. Select the
    Custom
     check box.
    The settings become available for change.
  6. From the
    Configuration
     list, select
    Advanced
    .
  7. For the
    Mode
     setting, select the
    Enabled
     check box.
  8. For the
    Certificate Key Chain
     setting, click
    Add
    .
    1. From the
      Certificate
       list, select a certificate name.
      This is the name of a certificate that you installed on the BIG-IP system. If you have not generated a certificate request nor installed a certificate on the BIG-IP system, and the BIG-IP system is not part of a device service clustering (DSC) configuration, you can specify the name of the existing certificate named
      default
      .
      If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default certificate name, and ensure that this same certificate name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
    2. From the
      Key
       list, select the name of the key associated with the certificate specified in the previous step.
      This is the name of a key that you installed on the BIG-IP system. If you have not installed a key on the BIG-IP system, and the BIG-IP system is not part of a device service clustering (DSC) configuration, you can specify the name of the existing key named
      default
      .
      If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default key name, and ensure that this same key name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
    3. From the
      Chain
       list, select the chain that you want to include in the certificate key chain.
      A certificate chain can contain either a series of public key certificates in Privacy Enhanced Mail (PEM) format or a series of one or more PEM files. A certificate chain can contain certificates for Intermediate certificate Authorities (CAs).
      The default self-signed certificate and the default CA bundle certificate are not appropriate for use as a certificate chain.
    4. For the
      Passphrase
       field, type a string that enables access to SSL certificate/key pairs that are stored on the BIG-IP system with password protection.
      This setting is optional. For added security, the BIG-IP system automatically encrypts the pass phrase itself. This pass phrase encryption process is invisible to BIG-IP system administrative users.
    5. Click
      Add
      .
  9. In the
    Certificate Key Chain
     setting, click
    Add
     again, and repeat the process for all certificate key chains that you want to specify.
    At a minimum, you must specify an RSA certificate key chain.
    The result is that all specified key chains appear in the text box.
  10. To enable OCSP stapling, select the
    OCSP Stapling
     check box.
    To enable OCSP stapling, you must first create an OCSP Stapling profile. See
    Creating an OCSP stapling profile
     for detailed steps.
  11. If you want to
    Notify Certificate Status to Virtual Server
    , select the check box.
  12. The
    Ciphers
     setting is optional. By default, the Client SSL profile uses the DEFAULT cipher string. In most cases, the DEFAULT cipher string is appropriate, but you can customize it as necessary to meet the security and performance needs of your site. Specify a cipher group or cipher string by choosing one of these options.
    If you specified an ECDSA certificate key chain in the
    Certificate Key Chain
     setting, you must include the cipher string
    ECDHE_ECDSA
     in the cipher group or cipher string that you specify in the
    Ciphers
     setting. (At a minimum, you should specify a cipher group or string such as
    DEFAULT:ECDHE_ECDSA
    .) This is necessary to ensure successful cipher negotiation when the BIG-IP system is offered an ECDSA-based certificate only.
    Option
    Description
    Cipher Group
    Select an existing cipher group from the list when you want to use a system-defined or custom cipher group to define the ciphers that the BIG-IP system uses for negotiating SSL connections. Here's an example of the
    Ciphers
     setting where we've selected a custom cipher group that we created earlier.
    Cipher String
    Type a cipher string in the box if you want to manually specify a cipher string instead of selecting a cipher group. For security and performance reasons, consider following these recommendations:
    • Always append ciphers to the
      DEFAULT
       cipher string.
    • Type a cipher string that includes the ECC key type, because its shorter length speeds up encryption and decryption while still offering virtually the same level of security.
    • Disable ADH ciphers but also include the keyword
      HIGH
      . To do this, just include both
      !ADH
       and
      :HIGH
       in your cipher string.
    • For AES, DES, and RC4 encryption types, make sure you specify the DHE key exchange method. DHE uses
      Forward Privacy
      , which creates a key that it throws away after each session so that the same session key never gets used twice. When you use DHE, make sure that the SSL private key isn't being shared with a monitoring system or a security device like an intrusion detection or prevention system. Also, diagnostic tools like
      ssldump
       won't work when you're using Forward Secrecy.
    • Disable EXPORT ciphers by including
      !EXPORT
       in the cipher string.
    • If you can live with removing support for the SSLv3 protocol version, do it. This protocol version is not secure. Simply include
      :!SSLv3
       in any cipher string you type.
    Here's an example of the
    Ciphers
     setting where we have opted to manually type the cipher string
    DEFAULT:ECDHE-RSA-AES-128-GCM-SHA256:!ADH:!EXPORT:HIGH
    :
  13. For the Client Authentication area, select the
    Custom
     check box.
  14. For
    Client Certificate
     list, specify whether you want to
    ignore
    ,
    require
    , or
    request
     the client certificate authentication.
  15. If you are enabling C3D, from the
    Trusted Certificate Authorities
     list, you must select a trusted CA bundle.
  16. Select the
    Custom
     check box for the Client Certificate Constrained Delegation area.
    The settings become available for change.
    See
    About client certificate constrained delegation
     prior to enabling C3D.
  17. For the
    Client Certificate Constrained Delegation
     setting, select
    Enabled
    .
  18. From the
    OCSP
     list, select the object that the BIG-IP system's SSL should use to connect to the OCSP responder and check the client certificate status.
    You can click the
    +
     icon to open the create-new OCSP object screen. See
    Creating an OCSP stapling profile
     for detailed steps.
  19. For the
    Unknown OCSP Response Control
     list, specify the action the system takes when the OCSP object returns an unknown status:
    • If you want the connection to be dropped, retain the default value
      Drop
      .
    • If you want the connection to ignore the unknown status and continue, Select
      Ignore
      .
  20. Click
    Finished
    .
After performing this task, you can see the custom Client SSL profile in the list of Client SSL profiles on the system.
To use this profile, you must assign it to a virtual server. See
Assigning SSL profiles to a virtual server
 for detailed information.

Create a custom Server SSL profile that supports C3D

With a Server SSL profile, the BIG-IP system can perform decryption and encryption for server-side SSL traffic.
For detailed information on how to complete the client certificate constrained delegation (C3D) configuration and ensure that your custom server SSL profile is set up properly, see
About client certificate constrained delegation
 before completing your custom profile setup.
  1. On the Main tab, click
    Local Traffic
    Profiles
    SSL
    Server
    .
    The Server SSL profile list screen opens.
  2. Click
    Create
    .
    The New Server SSL Profile screen opens.
  3. In the
    Name
     field, type a unique name for the profile.
  4. From the
    Parent Profile
     list, select
    serverssl
    .
  5. From the
    Configuration
     list, select
    Advanced
    .
  6. Select the
    Custom
     check box.
    The settings become available for change.
  7. From the
    Certificate
     list, select the name of an SSL certificate on the BIG-IP system.
    If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default certificate name, and ensure that this same certificate name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
  8. From the
    Key
     list, select the name of an SSL key on the BIG-IP system.
    If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default key name, and ensure that this same key name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
  9. In the
    Pass Phrase
     field, type a pass phrase that enables access to the certificate/key pair on the BIG-IP system.
  10. From the
    Chain
     list, select the name of an SSL chain on the BIG-IP system.
  11. The
    Ciphers
     setting is optional. By default, the Client SSL profile uses the DEFAULT cipher string. In most cases, the DEFAULT cipher string is appropriate, but you can customize it as necessary to meet the security and performance needs of your site. Specify a cipher group or cipher string by choosing one of these options.
    If you specified an ECDSA certificate key chain in the
    Certificate Key Chain
     setting, you must include the cipher string
    ECDHE_ECDSA
     in the cipher group or cipher string that you specify in the
    Ciphers
     setting. (At a minimum, you should specify a cipher group or string such as
    DEFAULT:ECDHE_ECDSA
    .) This is necessary to ensure successful cipher negotiation when the BIG-IP system is offered an ECDSA-based certificate only.
    Option
    Description
    Cipher Group
    Select an existing cipher group from the list when you want to use a system-defined or custom cipher group to define the ciphers that the BIG-IP system uses for negotiating SSL connections. Here's an example of the
    Ciphers
     setting where we've selected a custom cipher group that we created earlier.
    Cipher String
    Type a cipher string in the box if you want to manually specify a cipher string instead of selecting a cipher group. For security and performance reasons, consider following these recommendations:
    • Always append ciphers to the
      DEFAULT
       cipher string.
    • Type a cipher string that includes the ECC key type, because its shorter length speeds up encryption and decryption while still offering virtually the same level of security.
    • Disable ADH ciphers but also include the keyword
      HIGH
      . To do this, just include both
      !ADH
       and
      :HIGH
       in your cipher string.
    • For AES, DES, and RC4 encryption types, make sure you specify the DHE key exchange method. DHE uses
      Forward Privacy
      , which creates a key that it throws away after each session so that the same session key never gets used twice. When you use DHE, make sure that the SSL private key isn't being shared with a monitoring system or a security device like an intrusion detection or prevention system. Also, diagnostic tools like
      ssldump
       won't work when you're using Forward Secrecy.
    • Disable EXPORT ciphers by including
      !EXPORT
       in the cipher string.
    • If you can live with removing support for the SSLv3 protocol version, do it. This protocol version is not secure. Simply include
      :!SSLv3
       in any cipher string you type.
    Here's an example of the
    Ciphers
     setting where we have opted to manually type the cipher string
    DEFAULT:ECDHE-RSA-AES-128-GCM-SHA256:!ADH:!EXPORT:HIGH
    :
  12. In the same area of the screen, configure any other settings as needed.
  13. Select the
    Custom
     check box for the Server Authentication area of the screen.
    The settings become available for change.
  14. Change or retain the values for all Server Authentication settings as needed.
  15. If you intend to use OCSP stapling, then from the
    OCSP
     list, select the OCSP object that the BIG-IP system's SSL should use to connect to the OCSP responder and to check the server certificate status. You can click the + icon to open the create-new OCSP object screen.
    The OCSP stapling object can be added in both forward and reverse proxy configurations. When the server
    SSL Forward Proxy
     property is set to
    Enabled
    , the forward proxy OCSP object is used to validate and staple the web server's certificate status. When the server
    SSL Forward Proxy
     property is set to
    Disabled
    , the reverse proxy OCSP object is used to reset the client connection if the web server certificate has been revoked.
  16. Select the
    Custom
     check box for the Client Certificate Constrained Delegation section.
    The settings become available for change.
    See
    About client certificate constrained delegation
     prior to enabling C3D.
  17. From the
    Client Certificate Constrained Delegation
     setting, select
    Advanced
    .
  18. From the
    Client Certificate Constrained Delegation
     list, select
    Enabled
    .
  19. From the
    CA Certificate
     list, select the name of the certificate file that is used as the certification authority certificate.
  20. From the
    CA Key
     list, select the name of the key file that is used as the certification authority key.
  21. In the
    CA Passphrase
     field, type the passphrase of the key file that is used as the certification authority key.
    This should be the passphrase corresponding to the specified
    CA Key
    .
  22. For the
    Confirm CA Passphrase
     field, type the identical passphrase.
  23. For the
    Certificate Lifespan
     fields, type the lifespan of the certificate generated that is using the SSL client certificate constrained delegation.
    The default is
    1
     day,
    0
     hours.
  24. To define the extensions of the client certificates to be included in the generated certificates, from the
    Certificate Extensions
     list, select
    Extensions List
    .
  25. For the
    Certificate Extensions List
     setting, click
    Disable
     or
    Enable
     to add or remove available extensions.
    • Basic Constraints
      : Uses basic constraints to indicate whether the certificate belongs to a CA.
    • Extended Key Usage
      : Uses Extended Key Usage, typically on a leaf certificate, to indicate the purpose of the public key contained in the certificate.
    • Key Usage
      : Provides a bitmap specifying the cryptographic operations that may be performed using the public key contained in the certificate; for example, it could indicate that the key should be used for signature but not for enciphering.
    • Subject Alternative Name
      : Allows identities to be bound to the subject of the certificate. These identities may be included in addition to, or in place of, the identity in the subject field of the certificate.
    You can also add extensions in the
    Custom extension
     field. Type in the extension name and click
    Add
    .
  26. Click
    Finished
    .
To use this profile, you must assign it to a virtual server. See the
Assigning SSL profiles to a virtual server
 section for detailed information.

Create a custom Server SSL profile that supports CRL

With a Server SSL profile, the BIG-IP system can perform decryption and encryption for server-side SSL traffic.
A certificate revocation list (CRL) is a published list of revoked certificates issued and updated by the certificate authority who signed them. Clients like your internet browser, will check the certificate's CRL URI to find out if the certificate is valid. When a certificate is revoked, the CRL is updated to reflect the revokation and published accordingly. Lists are not the most efficient way to maintain a record of revocation in high volume scenarios so some application vendors have deprecated their use in favor of online certificate status protcol (OCSP). However, you still need a CRL configuraiton as it is still a common scenario and recommended for backward compatibility.
Before you create a customer Server SSL profile that supports CRL, you must create either a configured DNS resolver or a configured BIG-IP LTM pool.
  1. Create an internal proxy
    Internal Proxy is used by services such as CRL cert-validator, for defining how to send/receive the outbound traffic for the service.
  2. On the Main tab, click
    System
    Services
    Internal Proxies
    .
    The Internal Proxies screen opens.
  3. Click
    Create
    .
    The New Internal Proxy screen opens.
  4. In the
    Name
     field, type a unique name for your internal proxy.
  5. Select the
    Use Proxy Server
     check box if you want to use the
    Proxy Server Pool
     instead of
    DNS Resolver
    . The
    Proxy Server Pool
     is the LTM pool with one or multiple proxies for forwarding the CRL request to the CRL server. The
    DNS Resolver
     is the internal DNS resolver the BIG-IP system uses to fetch the internal proxy response.
    1. From the
      DNS Resolver
       list, select the internal DNS resolver the BIG-IP system uses to fetch the internal proxy response. This involves specifying one or more DNS servers in the DNS resolver configuration. Use this option when:
      • There is a DNS server that can do the name-resolution of the internal proxy.
      • The internal proxy can be reached on one of BIG-IP system's interfaces.
      If you are not selecting a pre-existing DNS Resolver you can create one. Click
      +
       to define a new internal DNS resolver and then return to this screen.
    2. From the
      Proxy Server Pool
       list, select the LTM pool for forwarding the CRL request to the CRL server.
  6. From the
    Route Domain
     list, select the route domain for fetching an internal proxy using HTTP explicit proxy. It is common to have the Route Domain set to
    0
    . Click
    +
     to define a new route domain.
    You have now created an internal proxy and are ready to create a CRL configuration object.
  7. Create a CRL configuration object
  8. On the Main tab, click
    System
    Certificate Management
    Traffic Certificate Management
    CRL
    .
    The CRL screen opens.
  9. Click
    Create
    .
    The New CRL screen opens.
  10. In the
    Name
     field, type a name that specifies the certificate revocation list.
  11. Specify if you want to select
    Strict Revocation Check
     to protect your configuration from accidental future changes. The Strict Revocation Check specifies whether the strict revocation check for the certificate revocation list is enable or disabled. If the check box is selected it enables the strict revocation check and keymgmtd waits for the c fetching/caching to complete. If it is disabled, keymgmtd immediately replies with certificate status that is unknown and starts to download/cache the certificate revocation list file.
  12. For the
    Internal Proxy
     section, select
    Internal Proxy List
     to define the CRL list that specifies the internal DNS resolver or a proxy server pool. Select either New Internal Proxy or Internal Proxy List to specify the internal proxy.
  13. Click
    Update
    .
    You are now ready to create your custom Server SSL profile that supports CRL.
  14. Create a Custom Server SSL Profile that supports CRL
  15. On the Main tab, click
    Local Traffic
    Profiles
    SSL
    Server
    .
    The Server SSL profile list screen opens.
  16. Click
    Create
    .
    The New Server SSL Profile screen opens.
  17. In the
    Name
     field, type a unique name for the profile.
  18. From the
    Parent Profile
     list, select
    serverssl
    .
  19. From the
    Configuration
     list, select
    Advanced
    .
  20. Select the
    Custom
     check box.
    The settings become available for change.
  21. From the
    Certificate
     list, select the name of an SSL certificate on the BIG-IP system.
    If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default certificate name, and ensure that this same certificate name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
  22. From the
    Key
     list, select the name of an SSL key on the BIG-IP system.
    If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default key name, and ensure that this same key name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
  23. In the
    Pass Phrase
     field, type a pass phrase that enables access to the certificate/key pair on the BIG-IP system.
  24. From the
    Chain
     list, select the name of an SSL chain on the BIG-IP system.
  25. For the
    Ciphers
     setting, specify a cipher group or cipher string by choosing one of these options.
    If you specified an ECDSA certificate key chain in the
    Certificate Key Chain
     setting, you must include the cipher string
    ECDHE_ECDSA
     in the cipher group or cipher string that you specify in the
    Ciphers
     setting. (At a minimum, you should specify a cipher group or string such as
    DEFAULT:ECDHE_ECDSA
    .) This is necessary to ensure successful cipher negotiation when the BIG-IP system is offered an ECDSA-based certificate only.
    Option
    Description
    Cipher Group
    Select an existing cipher group from the list when you want to use a system-defined or custom cipher group to define the ciphers that the BIG-IP system uses for negotiating SSL connections. Here's an example of the
    Ciphers
     setting where we've selected a custom cipher group that we created earlier.
    Cipher String
    Type a cipher string in the box if you want to manually specify a cipher string instead of selecting a cipher group. For security and performance reasons, consider following these recommendations:
    • Always append ciphers to the
      DEFAULT
       cipher string.
    • Type a cipher string that includes the ECC key type, because its shorter length speeds up encryption and decryption while still offering virtually the same level of security.
    • Disable ADH ciphers but also include the keyword
      HIGH
      . To do this, just include both
      !ADH
       and
      :HIGH
       in your cipher string.
    • For AES, DES, and RC4 encryption types, make sure you specify the DHE key exchange method. DHE uses
      Forward Privacy
      , which creates a key that it throws away after each session so that the same session key never gets used twice. When you use DHE, make sure that the SSL private key isn't being shared with a monitoring system or a security device like an intrusion detection or prevention system. Also, diagnostic tools like
      ssldump
       won't work when you're using Forward Secrecy.
    • Disable EXPORT ciphers by including
      !EXPORT
       in the cipher string.
    • If you can live with removing support for the SSLv3 protocol version, do it. This protocol version is not secure. Simply include
      :!SSLv3
       in any cipher string you type.
    Here's an example of the
    Ciphers
     setting where we have opted to manually type the cipher string
    DEFAULT:ECDHE-RSA-AES-128-GCM-SHA256:!ADH:!EXPORT:HIGH
    :
  26. In the same area of the screen, configure any other settings as needed.
  27. Select the
    Custom
     check box for the Server Authentication area of the screen.
    The settings become available for change.
  28. Change or retain the values for all Server Authentication settings as needed.
  29. From the
    CRL
     list, select the CRL object that specifies the SSL client certificate constrained delegation CRL object that the BIG-IP system's SSL should use. You can click the
    +
     icon to open the create-new CRL object screen.
  30. From the
    CRL File
     list, select the name of a file containing a list of revoked server certificates.
  31. In the
    Allow Expired CRL File
     field, select the check box to instruct the system to use the specified CRL file even if it has expired. The default is disabled.
  32. Complete any other settings and click
    Finished
    .
After performing this task, you can see the custom Server SSL profile that supports CRL in the list of Server SSL profiles on the system.

Assign SSL profiles to a virtual server

The final task in the process of implementing SSL profiles is to assign the SSL profile to a virtual server. If the relevant virtual server does not yet exist, you can assign the SSL profile (or profiles) to the virtual server when you create it.
  1. On the Main tab, click
    Local Traffic
    Virtual Servers
    .
    The Virtual Server List screen opens.
  2. Click the name of a virtual server.
  3. From the
    Configuration
     list, select
    Advanced
    .
  4. For the
    SSL Profile (Server)
     setting, from the
    Available
     list, select the name of the Server SSL profile you previously created and move the name to the
    Selected
     list.
  5. Click
    Update
     to save the changes.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information