Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
code share

Redirect On Weak Encryption

Problem this snippet solves:

This rule illustrates how to redirect a client to an un-encrypted page with an informational error if the client does not have at least 128 bits of encryption.

This rule illustrates how to redirect a client to an un-encrypted page with an informational error if the client does not have at least 128 bits of encryption. The iRule uses the SSL::cipher command to get details on the selected SSL cipher.

This approach can be more user-friendly compared with disabling ciphers in the client SSL profile. Configuring the profile to refuse low ciphers can result in non-conforming clients receiving a TCP reset.

Note: Vulnerability scanners will detect that LTM supports low ciphers using this iRule. However, no low cipher requests will be able to reach the VIP's default pool, so the issue is moot.