Forum Discussion
5 Replies
Sort By
- Colin_Walker_12Historic F5 AccountUnfortunately, since you'd have to decrypt the HTTP request to even see the URI that's being requested, you wouldn't be able to enforce a cipher choice based on URI, as the information would already be in plaintext by the time you'd have enough information to make this decision.
- bl0ndie_127134Historic F5 AccountSSL exposes a rule 'SSL::profile ' that allows you to select a particular SSL profile via the rules. You could try setting the profile to the restrictive one and call SSL::renogotiate. I have not tested to see if this works so you will have to try this out on your own.
- Maurice_G_EmployeeThanks. I have an iRule associated with my VIP:80 which based on the URI selects a VIP:443 which has a profile which forbids SSLv2.
- Al_Carandang_11NimbostratusI have an SSL profile which accepts even weak ciphers.
- Al_Carandang_11NimbostratusYes this does work. You just need to apply an SSL profile which will accept ciphers < 128 bits long.