Forum Discussion

bsm1970

Nimbostratus

Mar 19, 2019

Block page for TLSv1.x or SSL connections

We have a web page/application that we want to reject connections from any client not using at least TLSv1.2. The way we were planning on doing that was to do this in IIS on the server. It would di...

Cirrus

Mar 19, 2019

when CLIENTSSL_HANDSHAKE {
    if { ( [SSL::cipher version] ne "TLSv1.2" ) } {
        set invalid_ssl 1
    } else {
        set invalid_ssl 0
    }
}
when HTTP_REQUEST {
    if { $invalid_ssl } {
        HTTP::redirect "http://www.example.com/upgradetls"
        TCP::close
    }
}

Here is an iRule from this article. This should suit your needs. You can also serve a custom response with an iFile

If you have any more questions, I am sure I can help

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Block page for TLSv1.x or SSL connections

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

API Security Strategy - Discover and map APIs, block unwanted connection and prevent data leakage

Site-to-Site Connectivity in F5 Distributed Cloud Network Connect – Reference Architecture

Block IP after a number of ASM Blocks

Block traffic

Response and blocking page

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS