123notit_142916
Jan 27, 2015

F5 redirect for SSLv3 connections only

I have the following iRule in place:

 

    when HTTP_REQUEST {
        # Protocol version negotiated on the client-side SSL connection
        set cipherSuite [SSL::cipher version]
        if { $cipherSuite equals "SSLv3" } {
            log local0. "SSL3 connection detected from [IP::client_addr] for [virtual name]"
            HTTP::redirect "https://sslv3help.com"
            TCP::close
        }
    }

 

This should redirect anyone connecting via SSLv3 to the sslv3help page, and also log the IP that is using SSLv3 (so I can see which clients are still making the IE browser changes).

 

No matter what SSL protocols I set IE to use, however, it never redirects to the help page.

 

4 Replies

  • If you add a line to log the ciphersuite and test with IE, do you see the SSLv3 coming through or a different log message?

    when HTTP_REQUEST { 
        set cipherSuite [SSL::cipher version] 
        log local0. "Cipher Suite: $cipherSuite"
    
        if { $cipherSuite equals "SSLv3" } { 
            log local0. "SSL3 connection detected from [IP::client_addr] for [virtual name]" 
            HTTP::redirect "https://sslv3help.com" 
            TCP::close 
        } 
    }
    
  • Tue Jan 27 08:50:15 CST 2015 err LB06 mcpd[5116] 1070151 Rule [/Common/test_rule] error: line 1: [wrong args] [when HTTP_REQUEST { set cipherSuite [SSL::cipher version] if { $cipherSuite equals "SSLv3" } { log local0. "SSL3 connection detected from [IP::client_addr] for [virtual name]" HTTP::redirect https://sslv3help.com TCP::close } } [/code]]

    Tue Jan 27 08:50:40 CST 2015 err LB06 mcpd[5116] 1070151 Rule [/Common/test_rule] error: line 2: [wrong args] [set cipherSuite [SSL::cipher version] if { $cipherSuite equals "SSLv3" } { log local0. "SSL3 connection detected from [IP::client_addr] for [virtual name]" HTTP::redirect https://sslv3help.com TCP::close } ]

    Tue Jan 27 08:50:43 CST 2015 err LB06 mcpd[5116] 1070151 Rule [/Common/test_rule] error: line 2: [wrong args] [set cipherSuite [SSL::cipher version] if { $cipherSuite equals "SSLv3" } { log local0. "SSL3 connection detected from [IP::client_addr] for [virtual name]" HTTP::redirect https://sslv3help.com/browsers.html TCP::close } ]

  • Wanted to answer this (sorry it took so long), but this was resolved when I noticed that the SSL profile attached to the Virtual Cert specifically does not allow SSLv3 traffic, because its parent profile has a 'No SSLv3' option enabled on it, which is being inherited by the child SSL profile.

     

    So best to create a separate SSL profile when testing this to ensure you don't end up wasting time trying to figure this out, like me.

     

    Thanks.
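
An added example, not part of the original thread and not F5 code: once the iRule above is logging, this Python sketch tallies which client IPs still connect with SSLv3 per virtual server, keyed on the iRule's own log message. The sample lines are constructed, and the syslog prefix, client addresses and virtual server names in them are assumptions.

```python
import re
from collections import defaultdict

# Matches only the message text written by the thread's iRule via `log local0.`;
# whatever precedes it (timestamp, host, tmm prefix) is ignored.
SSL3_MSG = re.compile(
    r"SSL3 connection detected from (?P<client>\S+) for (?P<vs>\S+)"
)

# Constructed sample input. Prefix layout, IPs and virtual names are assumptions.
SAMPLE_LOG = """\
Jan 27 09:01:02 LB06 info tmm[9001]: Rule /Common/test_rule <HTTP_REQUEST>: SSL3 connection detected from 192.0.2.10 for /Common/vs_app
Jan 27 09:01:03 LB06 info tmm[9001]: Rule /Common/test_rule <HTTP_REQUEST>: Cipher Suite: TLSv1.2
Jan 27 09:04:40 LB06 info tmm[9001]: Rule /Common/test_rule <HTTP_REQUEST>: SSL3 connection detected from 192.0.2.10 for /Common/vs_app
Jan 27 09:05:11 LB06 info tmm1[9001]: Rule /Common/test_rule <HTTP_REQUEST>: SSL3 connection detected from 198.51.100.7%2 for /Common/vs_app
Jan 27 09:07:59 LB06 info tmm[9001]: Rule /Common/test_rule <HTTP_REQUEST>: SSL3 connection detected from 192.0.2.10 for /Common/vs_portal
"""


def summarize_sslv3_clients(lines):
    """Return {virtual_server: {client_ip: hit_count}} for SSLv3 log entries."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = SSL3_MSG.search(line)
        if not m:
            continue  # other iRule output, e.g. the "Cipher Suite:" debug line
        # Drop a "%<id>" route-domain suffix so one client is counted once.
        client = m.group("client").split("%", 1)[0]
        hits[m.group("vs")][client] += 1
    return {vs: dict(clients) for vs, clients in hits.items()}


def report(summary):
    """Flatten the summary to tab-separated rows, busiest clients first."""
    rows = []
    for vs in sorted(summary):
        ranked = sorted(summary[vs].items(), key=lambda kv: (-kv[1], kv[0]))
        rows.extend(f"{vs}\t{client}\t{count}" for client, count in ranked)
    return rows


if __name__ == "__main__":
    for row in report(summarize_sslv3_clients(SAMPLE_LOG.splitlines())):
        print(row)
```

An empty result does not by itself mean no client uses SSLv3: as the last reply found, a client SSL profile that inherits 'No SSLv3' rejects those handshakes before HTTP_REQUEST ever fires.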