Forum Discussion

Altostratus

Jan 19, 2018

help with irule to use specific SSL profile based on source IP and cipher strength, log required

Hello f5 community, I do have a virtual server with an SSL profile that allows medium (128bit) and high ciphers (256bit), however need to upgrade this VS to use only 256 bit ciphers except for a l...

MVP

Jan 19, 2018

According to the diagram in this article, the CLIENTSSL_HANDSHAKE event occurs after a successful handshake.

https://devcentral.f5.com/questions/irule-event-order-https-ssl-client-server-side

In case of an client connecting with a medium cipher suite that isn’t whitelisted, the handshake will fail and never trigger the event CLIENTSSL_HANDSHAKE. To make your iRule work, you will need to allow all medium cipher suite connections and reject them for example in the HTTP_REQUEST event.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

help with irule to use specific SSL profile based on source IP and cipher strength, log required

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

ASM allow specific url from outside country of geolocation ON

F5 DNS Logs in JSON Format

APM - Portal access - Issue

How to configure ssh access by key on F5OS

ASM/AWAF declarative policy

Related Content

APM-Specific Features for Securing Your Website

BIG-IP APM: How to streamline your access requirements

Upcoming Action Required: F5 NGINX Plus R33 Release and Licensing Update

Cipher Strength Pool Selection

Ansible - Upload Certificates requires Administrator Role?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS