Forum Discussion

Raymond_Cheung_
May 27, 2005

Does anyone have an existing iRule for the "Insert Cipher" check box of version 4 in version 9 code?

We implement "Insert Cipher" in version 4 on the Client SSL Proxy; the server will look at the HTTP header and determine if the browser is using 40-bit or 128-bit encryption.

I am wondering if anyone has the iRule for version 9 that is equivalent to the "Insert Cipher" check box in version 4?

Thanks

Raymond
  •  

    You can set up a class for the cipher_bits and cipher_versions as shown and then check for the matches with "matchclass". In v9, SSL is handled differently than in v4, as you have direct access to cipher information using SSL::*** constructs.

    If you want to pass the cipher values in the HTTP header as the v4.x "insert cipher" did, you can use HTTP::header directives to insert the data as shown below.

    Here is an example:


    class cipher_bits {
       "128"
       "156"
       "192"
       "256"
    }

    class cipher_versions {
       "SSLv3"
       "TLSv1"
    }

    rule test_cipher {
       when HTTP_REQUEST {
          # Pass the negotiated cipher details to the server in request headers
          HTTP::header insert CipherName [SSL::cipher name]
          HTTP::header insert CipherVersion [SSL::cipher version]
          HTTP::header insert CipherBits [SSL::cipher bits]

          # Only listed protocol versions and key sizes are sent to the pool
          if { [matchclass [SSL::cipher version] equals $::cipher_versions] and [matchclass [SSL::cipher bits] equals $::cipher_bits] } {
             use pool ssl_good
          } else {
             HTTP::redirect "https://xxx.yyy.zzz/html/ssl_upgrade.html"
          }
       }
    }


    Hope that helps,
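
The server side of this setup, as an added example that is not part of the original posts: a check that reads the CipherBits and CipherVersion headers the rule above inserts and refuses to trust them when they are missing, duplicated or non-numeric, since `HTTP::header insert` adds a header without removing a copy the client may already have sent. The function names, the 128-bit threshold and the sample requests are assumptions made for illustration.

```python
# Added example: backend-side check of the headers inserted by the iRule.
# Header names come from the rule; everything else here is an assumption.

ALLOWED_VERSIONS = {"SSLv3", "TLSv1"}   # mirrors class cipher_versions
MIN_BITS = 128                          # assumed policy threshold


def header_values(headers, name):
    """Return every value sent for `name` (header names are case-insensitive)."""
    wanted = name.lower()
    return [value.strip() for key, value in headers if key.lower() == wanted]


def classify(headers, min_bits=MIN_BITS):
    """Return 'strong', 'weak' or 'untrusted' for one request.

    `headers` is the list of (name, value) pairs exactly as received,
    duplicates included.
    """
    bits = header_values(headers, "CipherBits")
    versions = header_values(headers, "CipherVersion")
    # Exactly one copy of each header is expected from the proxy. Zero means
    # the request bypassed it; two or more means a client-supplied copy rode
    # along with the inserted one.
    if len(bits) != 1 or len(versions) != 1:
        return "untrusted"
    if not (bits[0].isascii() and bits[0].isdigit()):
        return "untrusted"
    if versions[0] not in ALLOWED_VERSIONS:
        return "weak"
    return "strong" if int(bits[0]) >= min_bits else "weak"


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "proxied_128": [("Host", "www.example.com"), ("CipherName", "RC4-MD5"),
                    ("CipherVersion", "TLSv1"), ("CipherBits", "128")],
    "proxied_40": [("Host", "www.example.com"), ("CipherName", "EXP-RC4-MD5"),
                   ("CipherVersion", "SSLv3"), ("CipherBits", "40")],
    "duplicate": [("cipherbits", "256"), ("CipherVersion", "SSLv3"),
                  ("CipherBits", "40")],
    "direct": [("Host", "www.example.com")],
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, classify(request))
```

On the proxy side, calling `HTTP::header remove` for each of the three header names before the inserts keeps client-supplied copies from reaching the server at all.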