SSL main settings
You can display and modify SSL Main optimization settings for the selected optimization policy on the SSL Main Settings page. Enabling SSL allows you to accelerate encrypted traffic (for example, HTTPS).
For detailed information, see the SteelHead User Guide.
TLS Blade Configuration
These configuration options are available:
Enable TLS Optimization
Enables optimization of secure traffic, which accelerates applications that use TLS for encryption. Must be enabled on both the client-side and server-side SteelHeads. Using in-path rules, you can choose to enable TLS optimization only on certain sessions (based on source and destination addresses, subnets, and ports), on all sessions, or on no sessions at all. A TLS session that is not optimized simply passes through the unmodified. Disabled by default.
OCSP Stapling Support
Enables Online Certificate Status Protocol (OCSP) stapling. OCSP is an alternative approach to obtain certificate status from the OCSP servers instead of the origin server’s Public Key Infrastructure (PKI). Enable on server-side appliances.
• Off disables OCSP. Disabled by default.
• Strict bypasses the connection is the origin server does not support OCSP.
• Strict AIA bypasses the connection if the certificate included an Authority Information Access (AIA) field but the origin server failed to send an OCSP response. If the certificate did not include an AIA field and the origin server failed to send an OCSP response, the connection is not dropped because the server-side appliance does not expect an OCSP response.
• Loose does not bypass the connection if the origin server does not support OCSP.