What are Transparent SSL Profiles?

Question

  • What are Transparent SSL Profiles?

 

Environment

  • Silverline WAF
  • Proxy / Proxies
  • SSL Certificates
  • SSL Profiles

 

Answer

  • The Silverline proxy can use a transparent SSL/TLS profile. With it:
    • We can inspect the decrypted traffic and perform WAF inspection
    • The client then performs mutual authentication with the endpoint/destination
  • For passing client certificates to the backend, the Silverline proxy infrastructure no longer performs the handshake
    • The handshake and exchange of the SSL information occur between the client and the backend application/server
      • A small latency penalty may occur
  • Transparent SSL profiles allow Silverline to inspect an SSL session without terminating it within the Silverline service itself
  • During an SSL handshake, Silverline will intervene in the event that a handshake fails due to a lack of ciphers that are compatible between client and server
  • Transparent SSL Profiles will require a Certificate/Key Pair. See the Q&A "Why does the Silverline proxy infrastructure require a cert/key pair?"
  • Contact SOC / Contact Silverline Support if you want to enable Transparent SSL Profiles.

Limitations:

  • The cipher suite must match on the frontend and backend SSL profiles; “ALL” is perfectly acceptable
  • The SSL profile must have the same certificate and key as the actual server (as opposed to the usual SOC process of encouraging certs/keys different from those on the customer web servers)
  • Only RSA is supported (no ECC / DSA)
  • No Diffie-Hellman
  • No Perfect Forward Secrecy
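
The limitations above can be checked mechanically before a transparent profile is requested. This added example (not Silverline's code) takes the OpenSSL-style cipher names that each profile's cipher string expands to, which is an assumed input format, and reports any frontend/backend mismatch and any suite whose key exchange is not static RSA; the TLS 1.3 case goes beyond the listed limitations and follows from TLS 1.3 suites always using ephemeral key exchange. The function names `classify` and `audit` are hypothetical.

```python
# Added example (not Silverline code). Input: OpenSSL-style cipher names as
# expanded from the frontend and backend SSL profiles (assumed format).

# Key-exchange prefixes that involve Diffie-Hellman: ephemeral, fixed or anonymous.
DH_PREFIXES = ("ECDHE-", "DHE-", "EDH-", "ECDH-", "DH-", "ADH-", "AECDH-")
# Other key exchanges that are not static RSA.
OTHER_PREFIXES = ("PSK-", "RSA-PSK-", "SRP-")


def classify(cipher):
    """Return the key-exchange family of one OpenSSL cipher name."""
    name = cipher.strip().upper()
    if "_WITH_" in name:
        raise ValueError(f"{cipher}: IANA name, expected an OpenSSL name")
    if name.startswith("TLS_"):
        # TLS 1.3 suites: key exchange is always ephemeral (EC)DHE.
        return "tls13-ephemeral"
    if name.startswith(DH_PREFIXES):
        return "diffie-hellman"
    if name.startswith(OTHER_PREFIXES):
        return "other"
    # OpenSSL names with no key-exchange prefix (e.g. AES128-SHA) are static RSA.
    return "rsa"


def audit(frontend, backend):
    """List every way the two cipher lists violate the stated limitations."""
    findings = []
    front, back = set(frontend), set(backend)
    if front != back:
        findings.append("mismatch between profiles: " + ", ".join(sorted(front ^ back)))
    for cipher in sorted(front | back):
        kind = classify(cipher)
        if kind != "rsa":
            findings.append(f"{cipher}: {kind} key exchange")
    return findings


if __name__ == "__main__":
    # Constructed sample lists, not taken from a real profile.
    frontend = ["AES128-GCM-SHA256", "AES256-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]
    backend = ["AES128-GCM-SHA256", "AES256-SHA", "TLS_AES_128_GCM_SHA256"]
    for line in audit(frontend, backend):
        print("FAIL", line)
```

An empty result from `audit` means both lists are identical and contain only static-RSA suites.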

 
