Forum Discussion

Nimbostratus

Nov 18, 2015

Inject TLS version into HTTP header

I'm planning to disable support for TLS 1.0, but want to give my users some time to update to modern browsers before I pull the plug on older browsers that don't support TLS 1.1 and 1.2. I'd like to ...

Brad_Parker_139
Nov 18, 2015
Yep, this should do the trick for you.

when HTTP_REQUEST { HTTP::header insert "tls-version" [SSL::cipher version] }

Brad_Parker

Cirrus

Yep, this should do the trick for you.

when HTTP_REQUEST {
    HTTP::header insert "tls-version" [SSL::cipher version]
}

Doppler44_23469

Nimbostratus

Nov 18, 2015

That did the trick. The header appears with the appropriate value: "TLSv1", "TLSv1.1", or "TLSv1.2". Thanks again.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Inject TLS version into HTTP header

Recent Discussions

APM with EntraID as idP / request signed

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Mitigating OWASP API Security Risk: Injection flaws using F5 XC Platform

Joomla! SQL Injection Vulnerability

Big IP version 12 API

Lightboard Lessons: OWASP Top 10 - Injection Attacks

Gomez Injection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS