Forum Discussion

rabid_gerbil_26
Sep 22, 2016

iRule to redirect connections based on which TLS version is being used.

I'm trying to figure out the syntax for an iRule that will direct incoming requests to our web servers based on what version of TLS the client is connecting with. Currently, we are only allowing TLS 1.0, which is not secure, and we are planning to change the ciphers so that we restrict to TLS 1.2 connections only. Restricting to TLS 1.2 only will be simple if we just cut over in the SSL Cert setup; however, the powers-that-be would like to give a month or more of warnings to our clients before just cutting off every connection that isn't TLS 1.2 capable. I've been tasked with creating an iRule that will determine which TLS version the client is using and, if the TLS version is TLS 1.0 or 1.1, redirect the client's request to a warning page that will instruct them about our intent to strictly use TLS 1.2 connections only. Then the warning page will redirect them to the site after a certain timeout has expired (not sure if the timeout would occur on the F5 or the web server).
Has anyone tried to accomplish this type of selective redirect? If you have, what was the iRule or Policy that you used?
Thanks in advance.
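One way to build the redirect the question describes, as an added example that is not from the original post or from any reply to it: an iRule attached to a virtual server that has a client SSL profile (so the handshake has already completed when HTTP_REQUEST fires) reads the negotiated protocol with `SSL::cipher version` and sends TLS 1.0 and 1.1 clients to a warning page. The warning page path `/tls-warning.html`, the cookie name `tls_warned` and the query parameter `return` are assumptions chosen for the example, not anything named on the page; the assumed design is that the warning page itself sets the cookie and performs the timed return (for instance with an HTML meta refresh), so the timeout lives on the web server rather than on the F5, and the cookie plus the path check keep the iRule from redirecting the same client in a loop.

```tcl
# Added example: redirect legacy-TLS clients to a deprecation warning page.
# Assumes a client SSL profile is on the virtual server, and that the
# warning page (assumed path below) sets the "tls_warned" cookie and
# meta-refreshes the browser back to the "return" URI after its timeout.
when HTTP_REQUEST {
    # Assumed path of the warning page served by the pool members.
    set warn_uri "/tls-warning.html"

    # Never redirect requests for the warning page itself (avoids a loop).
    if { [HTTP::uri] starts_with $warn_uri } {
        return
    }

    # Clients that have already seen the warning carry this cookie
    # (set by the warning page); let them through to the site.
    if { [HTTP::cookie exists "tls_warned"] } {
        return
    }

    # SSL::cipher version returns the negotiated protocol, e.g.
    # "TLSv1", "TLSv1.1" or "TLSv1.2".
    switch -- [SSL::cipher version] {
        "TLSv1" -
        "TLSv1.1" {
            # Log once per redirected request so the remaining legacy
            # client population can be measured during the warning period.
            log local0. "Legacy TLS [SSL::cipher version] from [IP::client_addr], redirecting [HTTP::host][HTTP::uri]"

            # Preserve the original URI so the warning page can send the
            # client back to where it was going once the timeout expires.
            HTTP::redirect "https://[HTTP::host]${warn_uri}?return=[URI::encode [HTTP::uri]]"
        }
    }
}
```

The `log local0.` line doubles as the measurement the warning period is for: counting those entries in `/var/log/ltm` over the month shows how many clients still negotiate TLS 1.0 or 1.1, which is the number to watch before the cipher list is finally restricted to TLS 1.2. Once the cut-over happens the iRule becomes unnecessary, because clients that cannot negotiate TLS 1.2 will fail the handshake before HTTP_REQUEST ever runs.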