lenisha
24 Posts

Pinned topic TCP Proxy SSL termination

‏2013-05-10T18:39:15Z |

Hello folks,

 

We need to propagate the identity of the caller (client certificate DN) through DataPower SSL proxy, handling custom (MLLP) protocol over TCPs with mutual SSL. We cannot inject anything in TCP payload. Is there a way NOT to terminate SSL on DataPower SSL proxy and have it pass client certificate to further downstream?

 

Thank you

  • HermannSW
    HermannSW
    6201 Posts
    ACCEPTED ANSWER

    Re: TCP Proxy SSL termination

    ‏2013-05-15T09:58:11Z  
    • lenisha
    • ‏2013-05-13T16:29:33Z

    Is TCP Proxy suitable for SSL traffic - TLS?

    Hi Elena,

    > Is TCP Proxy suitable for SSL traffic - TLS?
    >
    Yes, that is the reason why I provided that WebGUI redirection example above for you to easily try it out.

    TCP proxy just passes any client data to the backend and any backend data to the client.
    It does not know about SSL or anything else, but it does not need to.


    Hermann<myXsltBlog/> <myXsltTweets/> <myCE/>
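
The pass-through behaviour described in the answer above, as an added Python example that is not part of the original posts and is not DataPower code: a relay that copies bytes in both directions without parsing them, which is why a TLS handshake (client certificate included) sent through such a proxy is negotiated with the backend rather than with the proxy. All function names and the TLS-record-shaped sample bytes are constructed for illustration.

```python
import contextlib
import socket
import threading

# Constructed sample: shaped like a TLS record header plus opaque bytes, not a real handshake.
SAMPLE = b"\x16\x03\x01\x00\x05" + bytes([0x00, 0xff, 0x80, 0x0a, 0x0d])

def _pump(src, dst):
    # Copy bytes one way until EOF; the payload is never parsed or modified.
    with contextlib.suppress(OSError):
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)  # pass the half-close along

def _relay(client, remote):
    # One backend connection per client connection, one pump per direction.
    backend = socket.create_connection(remote)
    threading.Thread(target=_pump, args=(client, backend), daemon=True).start()
    _pump(backend, client)

def _serve(srv, handler, *args):
    # Accept loop shared by the relay and the demo backend; returns the bound port.
    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed
            threading.Thread(target=handler, args=(conn, *args), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def passthrough_demo(payload):
    """Send payload through the relay; return (bytes the backend saw, reply the client got)."""
    seen = []
    def backend(conn):  # demo backend: record everything received, then answer
        seen.append(conn.makefile("rb").read())
        conn.sendall(b"BACKEND-REPLY")
        conn.shutdown(socket.SHUT_WR)
    be_port = _serve(socket.create_server(("127.0.0.1", 0)), backend)
    px_port = _serve(socket.create_server(("127.0.0.1", 0)), _relay, ("127.0.0.1", be_port))
    with socket.create_connection(("127.0.0.1", px_port)) as client:
        client.sendall(payload)
        client.shutdown(socket.SHUT_WR)  # signal end of request
        reply = client.makefile("rb").read()
    return seen[0], reply
```

Calling `passthrough_demo(SAMPLE)` returns the backend's view of the request and the client's view of the reply; both match what the other side sent byte for byte.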
     

  • HermannSW
    HermannSW
    6201 Posts

    Re: TCP Proxy SSL termination

    ‏2013-05-12T18:59:21Z  

    The SSL Proxy's purpose is to terminate SSL.

    If you just want to "pass-thru" SSL traffic through DataPower you can use TCP Proxy Service.

    You can easily try it out on the CLI with:

    config; tcpproxy tst 0 9091 127.0.0.1 9090; exit


    This allows you to access the WebGUI on your box on port 9090 as well as on port 9091.


    Hermann<myXsltBlog/> <myXsltTweets/> <myCE/>

  • lenisha
    lenisha
    24 Posts

    Re: TCP Proxy SSL termination

    ‏2013-05-13T16:29:33Z  
    • HermannSW
    • ‏2013-05-12T18:59:21Z

    The SSL Proxy's purpose is to terminate SSL.

    If you just want to "pass-thru" SSL traffic through DataPower you can use TCP Proxy Service.

    You can easily try it out on the CLI with:

    config; tcpproxy tst 0 9091 127.0.0.1 9090; exit


    This allows you to access the WebGUI on your box on port 9090 as well as on port 9091.


    Hermann<myXsltBlog/> <myXsltTweets/> <myCE/>

    Is TCP Proxy suitable for SSL traffic - TLS?
