Forum Discussion

Altostratus

Jan 20, 2018

help with irule to use specific SSL profile based on source IP and cipher strength, log required

Hello f5 community, I do have a virtual server with an SSL profile that allows medium (128bit) and high ciphers (256bit), however need to upgrade this VS to use only 256 bit ciphers except for a l...

MVP

Jan 20, 2018

According to the diagram in this article, the CLIENTSSL_HANDSHAKE event occurs after a successful handshake.

https://devcentral.f5.com/questions/irule-event-order-https-ssl-client-server-side

In case of an client connecting with a medium cipher suite that isn’t whitelisted, the handshake will fail and never trigger the event CLIENTSSL_HANDSHAKE. To make your iRule work, you will need to allow all medium cipher suite connections and reject them for example in the HTTP_REQUEST event.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

help with irule to use specific SSL profile based on source IP and cipher strength, log required

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Is it possible to create a Single Pool with multiple ports ?

F5 object groups in AFM

Round-robin method not load balanced

F5 ASM with fortisandbox

Disabling signature for a URL

Related Content

APM-Specific Features for Securing Your Website

BIG-IP APM: How to streamline your access requirements

Upcoming Action Required: F5 NGINX Plus R33 Release and Licensing Update

Cipher Strength Pool Selection

Reminder: MFA now required to log in to DevCentral

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS