Enables client authentication for SSL simplification. Client authentication is enabled by default.

SSL simplification is a method of TLS optimization using an SSL agent. SSL simplification provides zero-touch certificate management for clients that have a Client Accelerator installed. This feature requires RiOS 9.12 or later on the client-side and server-side SteelHeads and Client Accelerator 6.2.2 or later on each client endpoint. For details on configuring SSL simplification and TLS optimization, see the SteelHead User Guide and the Client Accelerator User Guide.

When you enable the TLS blade using the policy id <id> tls optimization enable command, the old SSL blade and the new TLS blade are active in the SteelHead and Client Accelerator. TLS optimization is activated only when it is enabled on both SteelHead peers and the Client Accelerator (or the Client Accelerator and the SteelHead). Otherwise, the old SSL blade will continue to be used.

The TLS blade expands Riverbed’s existing SSL and TLS optimization features by allowing you to optimize TLS 1.2 connections without manually installing or creating signed proxy certificates. While this capability exists in earlier versions of the Client Accelerator, the new TLS blade simplifies configuration and extends capabilities to branch mode. Client Accelerator 6.2.2 and later supports client authentication using modern Elliptical Curve Diffe-Hellman Ephemeral (ECDHE) cipher suites. Control over TLS connections use a web proxy model, while key access uses the same paradigm as hardware security module (HSM) deployments. For details on SSL simplification and TLS optimization, see the Client Accelerator User Guide and the SteelHead User Guide.

The no command option disables the TLS client authorization.

Client Accelerator

“policy id tls optimization enable,” show policy id