About SSL main settings
The main SSL/TLS optimization settings are under Optimization > SSL: SSL Main Settings. Complete the configuration on client-side and server-side appliances, and then restart the service.
Enable TLS Optimization option enables optimization of secure traffic, which accelerates applications that use TLS for encryption. Using in-path rules, you can choose to enable TLS optimization only on certain sessions (based on source and destination addresses, subnets, and ports), on all sessions, or on no sessions at all. A TLS session that is not optimized simply passes through unmodified. Disabled by default.
Enable TLS Profiling enables reporting for SSL/TLS connections.
OCSP Stapling Support enables Online Certificate Status Protocol (OCSP) stapling. OCSP is an alternative approach to obtain certificate status from the OCSP servers instead of the origin server’s Public Key Infrastructure (PKI). Enable this setting on server-side appliances.
• Off disables OCSP. Disabled by default.
• Strict bypasses the connection if the origin server does not support OCSP.
• Strict AIA bypasses the connection if the certificate included an Authority Information Access (AIA) field but the origin server failed to send an OCSP response. If the certificate did not include an AIA field and the origin server failed to send an OCSP response, the connection is not dropped because the server-side appliance does not expect an OCSP response.
• Loose does not bypass the connection if the origin server does not support OCSP.