Forum Discussion
Alex_Suslik_102
Nimbostratus
Sep 19, 2006check client SSL encryption level support
Client targeting https://strong.test.com
This code should redirect to a pool "client_info" only if the browser does not support 128 or 256 bit encryption, but it always redirects to this poo...
Deb_Allen_18
Sep 19, 2006Historic F5 Account
Hi Alex -
I'd recommend adding some logging to your rule that reveals the variables your condition uses at the time the evaluation is made:
when HTTP_REQUEST {
set cipher [HTTP::header "SSLClientCipher"]
log local0. "cipher = $cipher"
if { ($cipher eq "bits=128") || ($cipher eq "bits=256") }{
I think you'll find that the value returned doesn't /equal/ either value, so the condition fails. You might try the "contains" operator instead if you see the string "bits=xxx" in the returned value:when HTTP_REQUEST {
set cipher [HTTP::header "SSLClientCipher"]
if { ($cipher contains "bits=128") || ($cipher contains "bits=256") }{
However, there is actually a specific command to find the cipher bits, so I think this rule would accomplish your goal:when HTTP_REQUEST {
if { [SSL::cipher bits] >= 128 }{
pool strong.test.com
} else {
pool client_info
}
}
HTH
/deb
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects