lenisha

Pinned topic TCP Proxy SSL termination

‏2013-05-10T18:39:15Z |

Hello folks,

 

We need to propagate the identity of the caller (client certificate DN) through DataPower SSL proxy, handling custom (MLLP) protocol over TCPs with mutual SSL. We cannot inject anything in TCP payload. Is there a way NOT to terminate SSL on DataPower SSL proxy and have it pass client certificate to further downstream?

Thank you

  • HermannSW

    Re: TCP Proxy SSL termination

    ‏2013-05-12T18:59:21Z  in response to lenisha

    SSL Proxy purpose is to terminate SSL.

    If you just want to "pass-thru" SSL traffic through DataPower you can use TCP Proxy Service.

    You can easily try it out on CLI by:

    config; tcpproxy tst 0 9091 127.0.0.1 9090; exit


    This allows you to access the WebGUI on your box on port 9090 as well as on port 9091.


    Hermann<myXsltBlog/> <myXsltTweets/> <myCE/>

    • lenisha

      Re: TCP Proxy SSL termination

      ‏2013-05-13T16:29:33Z  in response to HermannSW

      Is TCP Proxy suitable for SSL traffic - TLS?

      • HermannSW

        Re: TCP Proxy SSL termination

        ‏2013-05-15T09:58:11Z  in response to lenisha

        Hi Elena,

        > Is TCP Proxy suitable for SSL traffic - TLS?
        >
        Yes, that is the reason why I provided that WebGUI redirection example above for you to easily try it out.

        TCP proxy just passes any client data to backend and any backend data to client.
        It does not know about SSL or anything else, but it does not need to.


        Hermann<myXsltBlog/> <myXsltTweets/> <myCE/>
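
The pass-through behaviour described in the last reply, as an added sketch that is not part of the thread and not DataPower's implementation: a relay that copies bytes in both directions and never creates a TLS context, so any TLS handshake (client certificate included) is between the client and the backend. All function names and the sample bytes are constructed for illustration.

```python
import socket
import threading

def pump(src, dst):
    """Copy bytes one way until EOF; the relay never parses them."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)  # propagate the half-close to the peer
    except OSError:
        pass

def serve(handler):
    """Accept on a free loopback port; run handler(conn) per connection."""
    srv = socket.create_server(("127.0.0.1", 0))
    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()

def start_relay(backend_addr):
    """Pass-through relay: one pump per direction, no ssl module involved."""
    def handle(client):
        backend = socket.create_connection(backend_addr)
        threading.Thread(target=pump, args=(backend, client), daemon=True).start()
        pump(client, backend)
    return serve(handle)

def roundtrip(payload):
    """Send payload through the relay to a constructed backend that records
    what it received and answers with the same bytes reversed."""
    seen = []
    def backend(conn):
        data = b"".join(iter(lambda: conn.recv(4096), b""))
        seen.append(data)
        conn.sendall(data[::-1])
        conn.close()
    relay_addr = start_relay(serve(backend))
    with socket.create_connection(relay_addr, timeout=5) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)
        reply = b"".join(iter(lambda: c.recv(4096), b""))
    return seen[0], reply

SAMPLE = b"\x16\x03\x01\x00\x05hello"  # constructed: TLS handshake record header + filler
```

`roundtrip(SAMPLE)` returns what the backend received and what the client got back; both are byte-for-byte what the other side sent.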