Forum Discussion

Nimbostratus

Nov 21, 2013

iRule for redirecting 128bit RC4-md5 and 128bit RC4-SHA to webpage

Hello I have been asked to deny or block 128bit RC4-md5 and 128bit RC4-SHA user reqeust, so I wrote following iRule when HTTP_REQUEST { log local0. "VIP connection request before if statem...

Employee

Nov 21, 2013

If I may add, there are a few concerns:

First, the cipher list name should never just be "RC4". If anything it'll be "RC4-SHA" or something that describes at least one encryption and one digital signature algorithm.
When a client and server negotiate an SSL/TLS session, the client will send a list of supported ciphers, and the server will (usually) pick something from that list. Practically all modern browsers will prefer RC4. It's also not possible, I believe, to do anything other than 128 bit RC4 in any of these browsers.
As Lapayne already pointed out, the DEFAULT cipher list already excludes MD5, so you should never see that one.

So, in lieu of RC4-SHA, what are you trying to get users to use?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

iRule for redirecting 128bit RC4-md5 and 128bit RC4-SHA to webpage

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Terraform LTM provider - ICMP disabled on resulting VIPs

Need to make 2 Virtual Appliance in r4600 F5

Disabling signature for a URL

XC - geo LB to the origin servers

F5 LACP

Related Content

F5 HTTPS Redirect 2025

(HTTP) Redirection via Arbitrary Host Header

Rewriting Redirects

Anchor Link Redirect

URI Redirect

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS