iRule to provide CIPHER for specifc hosts

Question

I am running into a situation that I think I can fix with an iRule but don't know how to go about writing it. I need to control the CIPHER that is presented to a Client but want it to be different based on the Source Address of the client. &nbsp;
For Example:
If Client is 10.3.4.2 I want to present them with DEFAULT:SSLv3&nbsp;
If Client is 10.1.1.1 I want to present them with DEFAULT:!TLS1_0&nbsp;
Can someone please help guide me on how to write this rule. I need to do something like this so that my Server 2008 32-bit servers can still connect to my sites but only present TLSv1.1 and TLSv1.2 to everyone else.&nbsp;

walter_kacynski · Answer

I do this TCL command SSL::profile to change which SSL profile is applied in the CLIENT_ACCEPTED event.
when CLIENT_ACCEPTED {
  if { ([IP::addr [IP::client_addr] equals 10.3.88.229 ]) || ([IP::addr [IP::client_addr] equals 10.3.91.179 ]) } {
    SSL::profile F5Support-ClientSSL
}

Forum Discussion

iRule to provide CIPHER for specifc hosts

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

google-visualization-issues

Related Content

F5 APM as Service Provider (SP) and Microsoft AzureAD as Identity Provider (IDP)

Enable SAML Service Provider on F5 Distributed Cloud Application

Cipher Suites Supported (12.1.5.3)

LTM Cipher rule

Disabling Weak Ciphers