Re-encrypt SSL
- Last Updated: October 9, 2024
With SSL acceleration, the SSL session is terminated at the LoadMaster, and the traffic is then sent to the Real Servers unencrypted. In some security situations, it may be necessary to encrypt the connection between the LoadMaster and the Real Servers. This can be done with re-encrypt SSL.
With re-encrypt SSL, the SSL session is first terminated at the LoadMaster. Persistence and other Layer 7 functionality can then be performed. After that, the traffic is re-encrypted in a new SSL session between the LoadMaster and the Real Server.
Re-encryption is turned on with a single option in the SSL section of a Virtual Service's properties screen.
Note: The TPS value reported on the LoadMaster Home screen only counts the decrypting transactions (the re-encrypting transactions are not counted). If Reencrypt is enabled for a Virtual Service, you can roughly double the number for that Virtual Service. For example, if five Virtual Services are enabled for SSL offloading and only one Virtual Service is enabled for re-encrypting, double the TPS number for that one Virtual Service and add it to the total to get the overall value. Doubling only applies to Virtual Services that have re-encryption enabled.