Forum Discussion

Nimbostratus

Oct 12, 2006

Disablling SSL v2 to users with iRules

I'm looking at capturing users who use an older browser which negotiates with SSL v.2 and redirecting them to a page that basically tells them to upgrade. My questions are these: 1...

Cirrostratus

Oct 13, 2006

It looks like that is correct. I think the logic is: if you're just passing the SSL traffic through the BIG-IP, BIG-IP never sees the SSL handshake--and therefore you can't access the SSL cert info or use SSL-based iRule commands. I'm not sure whether the client SSL cipher version info is snoop-able in between the client and the server, but I'm pretty sure BIG-IP isn't looking for it (if it is visible) anyhow.

Regardless, you need to decrypt the HTTPS traffic in order to send an HTTP redirect back to the client.

Aaron

Forum Discussion

Disablling SSL v2 to users with iRules

Recent Discussions

BWC iRule

GTM Packet Capture command

Citrix XenServer Big-IP Upgrade help

BIG-IP DNS iRule issue with static variable

F5 ASM logging profile to specify source IP

Related Content

DEVCENTRAL END-USER LICENSE AGREEMENT

iRules: Disabling Event Processing

Update your DevCentral user profile

Disable below cipher

Disable cookie persistance in irule