Forum Discussion

vvskaladhar_488's avatar
vvskaladhar_488
Icon for Nimbostratus rankNimbostratus
Jun 22, 2018

irule required.

HI Can some one please provide an irule for allow only TLS1.2 for some customers and allow TLSv1.0 , TLSv1.1 for other users on same vip? How ever i am aware of IPs who i need to allow TLSV1.0 and 1.1 and rest of all only TLS1.2 only ? is it possible if i can create Data group with IPs of the ursers to allow TLSv1.1 and TLSv1.0 ?

 

your help is greatly appreciated.

 

5 Replies

    • vvskaladhar_488's avatar
      vvskaladhar_488
      Icon for Nimbostratus rankNimbostratus

      HI Jason,

       

      I have tried above but it did not helped. more over i am not users client and server SSL profiles. its all client profile which was tagged to the VIP.

       

      when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] eq $TLSV1.0_1.1_Disable ]} { SSL::profile kaladhar.adc.com_TLS } else { SSL::profile kaladhar.adc.com_client-ssl } }

       

      I created Data group with Name :TLSV1.0_1.1_Disable ( added one of the testip from interent) created 2 profiles 1 with TLSv1.0 and 1.1 disable and on has no disabled of TLS enabled TLSv1.0 . After tagging this irule i see the url stooped working and unable to run qualys scan.and getting below error for all the users.

       

      Assessment failed: No secure protocols supported .

       

    • vvskaladhar_488's avatar
      vvskaladhar_488
      Icon for Nimbostratus rankNimbostratus

      HI Jason,

       

      I have tried above but it did not helped. more over i am not users client and server SSL profiles. its all client profile which was tagged to the VIP.

       

      when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] eq $TLSV1.0_1.1_Disable ]} { SSL::profile kaladhar.adc.com_TLS } else { SSL::profile kaladhar.adc.com_client-ssl } }

       

      I created Data group with Name :TLSV1.0_1.1_Disable ( added one of the testip from interent) created 2 profiles 1 with TLSv1.0 and 1.1 disable and on has no disabled of TLS enabled TLSv1.0 . After tagging this irule i see the url stooped working and unable to run qualys scan.and getting below error for all the users.

       

      Assessment failed: No secure protocols supported .