F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Visvesh_138292's avatar
Visvesh_138292
Icon for Nimbostratus rankNimbostratus
Jan 08, 2016

Irule for redirect to error page when the client request from weak ciphers

Hi Team,   I have an irule which will redirect to error page when the client comes from weak ciphers after SSL Handshake completion.   Can Someone pls help me on what needs to be done with the ...
devops
iRules
LTM
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Jan 08, 2016

Hi Visvesh,

this is unfortunately not possible.

Browsers wouldn't speak HTTP before the SSL handshake is complete. Therefore you can't use 

[HTTP::redirect]
in earlier stages to redirect to a friendly errorpage.

BTW: Are your sure that your outlined iRule is working? You're using a 

&&
operator (aka. AND) to deny the different chipher suites, but the result can be always be just one of the values. An 
||
operator (aka. OR) would make more sense. In this case only one of the listed weak-chiphers is needed to trigger the redirect...

Cheers, Kai