Forum Discussion
Doppler44_23469
Nimbostratus
NimbostratusInject TLS version into HTTP header
I'm planning to disable support for TLS 1.0, but want to give my users some time to update to modern browsers before I pull the plug on older browsers that don't support TLS 1.1 and 1.2. I'd like to display a message ("It's time to upgrade your browser") in my web app for customers who negotiate a TLS 1.0 connection.
Is it possible to inject an HTTP header (say "tls-version") into the browser's request?
Yep, this should do the trick for you.
when HTTP_REQUEST { HTTP::header insert "tls-version" [SSL::cipher version] }
Brad_Parker_139Nacreous
Yep, this should do the trick for you.
when HTTP_REQUEST { HTTP::header insert "tls-version" [SSL::cipher version] }
Doppler44_23469Brad, thank you. That's much simpler than I thought it would be.- Doppler44_23469That did the trick. The header appears with the appropriate value: "TLSv1", "TLSv1.1", or "TLSv1.2". Thanks again.
Brad_ParkerCirrus
Yep, this should do the trick for you.
when HTTP_REQUEST { HTTP::header insert "tls-version" [SSL::cipher version] }- Doppler44_23469Brad, thank you. That's much simpler than I thought it would be.
- Doppler44_23469That did the trick. The header appears with the appropriate value: "TLSv1", "TLSv1.1", or "TLSv1.2". Thanks again.
sharmadh_121489IS this work when we have server side SSL profile active.