F5 SSL Everywhere
RECOMMENDED PRACTICES

About the acronyms SSL vs. TLS

Vagueness is anathema to engineers. As a result, many engineers refer to modern web encryption as TLS and consider the acronym SSL obsolete. But the fact is that SSL has become shorthand for “a secure connection” even in casual conversation between security professionals and the same security engineers who dislike seeing SSL in print. So for the purposes of brevity and search engine optimization, this document uses the acronym SSL to refer to the collection of encryption protocols that encompass SSLv2, SSLv3, TLSv1, TLSv1.1, and TLSv1.2, except where it is important to specify a particular version. When SSL is used as an adjective (for example, SSL VPN), it should be understood that the subject encompasses the current, accepted protocols for transport layer security.

SSLv3 is rapidly being phased out, with SSLv2 long dead. Even TLSv1.0 is discouraged today, and only TLSv1.1/1.2 should be used whenever possible. Perhaps, in time, the language will catch up to reality and TLS will be used in the same way SSL is commonly used today.

Deployment Scenarios

For many organizations today, the main use case for SSL is securing data from customers and employees on the Internet to data center applications through an Application Delivery Controller (ADC). While the data center deployment is among the most mature of encrypted data center technologies, it’s not without innovation (and renovation). The deployment scenarios that follow include advanced SSL strategies such as HTTP Strict Transport Security (HSTS) and Online Certificate Status Protocol (OCSP) stapling. The recommended practices introduce how these technologies can be leveraged in inbound data center deployments for outbound visibility.