
SSL disable/enable based on SSL Cipher

I want to enable/disable SSL based on SSL Cipher version. I have created the following iRule, but it does not work as expected.

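when CLIENTSSL_CLIENTHELLO {
    # Log the value returned by SSL::cipher version for this connection
    log local0. "[SSL::cipher version]"
    # Compare the returned value against the string "TLSv1.2"
    if { [SSL::cipher version] <= "TLSv1.2" } {
        SSL::disable
        pool pool_1
    } else {
        SSL::enable
        pool pool_2
    }
}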

I have confirmed that traffic is forwarded to the specified pool.

Could you tell me how to get the expected behavior?


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

Do you want to disable SSL on the server side or on the client side?

If you want to disable SSL on the client side, it will be difficult, because your SSL negotiation has already started; that is what allows you to determine the protocol...

Can you explain your exact context / need (why you want to do this)? We could give you a better alternative.

Regards

Comments on this Answer
Comment made 2 months ago by tetsuro 1

Hi, what I want is for BIG-IP not to handle SSL at all for a specific cipher (I want to bypass it).

By realizing this, we are expecting to reduce the load of BIG-IP.

I know that other load balancers already implement functions that can accomplish these demands. So, I wonder whether this is also possible with BIG-IP.

0
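
The point made in the accepted answer, as an added example that is not part of the original thread and is not F5 code: at ClientHello time the client has only offered protocol versions and cipher suites, and nothing has been negotiated yet. This Python parser reads those offers from a constructed ClientHello record; the function names and the sample bytes are assumptions made for illustration.

```python
import struct

VERSIONS = {0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

# Constructed sample: one TLS record holding a minimal ClientHello that offers
# two cipher suites and lists TLS 1.3 and TLS 1.2 in supported_versions.
SAMPLE = bytes.fromhex(
    "160301003a" "01000036" "0303" + "00" * 32 + "00"
    "0004" "1301" "c02f" "0100"
    "0009" "002b0005" "04" "0304" "0303"
)


def parse_client_hello(data):
    """Return what the client offers; nothing has been negotiated yet."""
    ctype, _rec_ver, rec_len = struct.unpack_from("!BHH", data, 0)
    if ctype != 0x16 or len(data) < 5 + rec_len or data[5] != 0x01:
        raise ValueError("not a complete ClientHello record")
    pos = 9                                   # record header (5) + handshake header (4)
    (legacy,) = struct.unpack_from("!H", data, pos)
    pos += 2 + 32                             # legacy_version + random
    pos += 1 + data[pos]                      # session_id
    (cs_len,) = struct.unpack_from("!H", data, pos)
    suites = [struct.unpack_from("!H", data, pos + 2 + i)[0] for i in range(0, cs_len, 2)]
    pos += 2 + cs_len
    pos += 1 + data[pos]                      # compression methods
    offered = []
    if pos + 2 <= 5 + rec_len:                # extensions are optional
        (ext_total,) = struct.unpack_from("!H", data, pos)
        pos, end = pos + 2, pos + 2 + ext_total
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", data, pos)
            if ext_type == 0x002B:            # supported_versions
                n = data[pos + 4]
                offered = [struct.unpack_from("!H", data, pos + 5 + i)[0] for i in range(0, n, 2)]
            pos += 4 + ext_len
    return {"legacy_version": legacy, "cipher_suites": suites, "versions": offered or [legacy]}


def max_offered_version(data):
    """Highest known version offered; unknown (e.g. GREASE) values are ignored."""
    known = [v for v in parse_client_hello(data)["versions"] if v in VERSIONS]
    if not known:
        raise ValueError("no recognised protocol version offered")
    return VERSIONS[max(known)]


if __name__ == "__main__":
    hello = parse_client_hello(SAMPLE)
    print([hex(s) for s in hello["cipher_suites"]], max_offered_version(SAMPLE))
```

When the `supported_versions` extension is absent, the parser falls back to `legacy_version` as the highest version the client offers.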