Forum Discussion

Altostratus

Jan 20, 2018

help with irule to use specific SSL profile based on source IP and cipher strength, log required

Hello f5 community, I do have a virtual server with an SSL profile that allows medium (128bit) and high ciphers (256bit), however need to upgrade this VS to use only 256 bit ciphers except for a l...

MVP

Jan 20, 2018

According to the diagram in this article, the CLIENTSSL_HANDSHAKE event occurs after a successful handshake.

https://devcentral.f5.com/questions/irule-event-order-https-ssl-client-server-side

In case of an client connecting with a medium cipher suite that isn’t whitelisted, the handshake will fail and never trigger the event CLIENTSSL_HANDSHAKE. To make your iRule work, you will need to allow all medium cipher suite connections and reject them for example in the HTTP_REQUEST event.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

help with irule to use specific SSL profile based on source IP and cipher strength, log required

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

APM-Specific Features for Securing Your Website

BIG-IP APM: How to streamline your access requirements

Upcoming Action Required: F5 NGINX Plus R33 Release and Licensing Update

Ansible - Upload Certificates requires Administrator Role?

Cipher Strength Pool Selection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS