HI Can some one please provide an irule for allow only TLS1.2 for some customers and allow TLSv1.0 , TLSv1.1 for other users on same vip? How ever i am aware of IPs who i need to allow TLSV1.0 and 1.1 and rest of all only TLS1.2 only ? is it possible if i can create Data group with IPs of the ursers to allow TLSv1.1 and TLSv1.0 ? your help is greatly appreciated.

I think you had another post that refers to the same project: https://devcentral.f5.com/questions/irule-for-restricting-selected-ips-for-not-using-tlsv1-and-11-60288

irule required. | DevCentral

AceDawg1
Nimbostratus
Jun 22, 2018
I think you had another post that refers to the same project:

https://devcentral.f5.com/questions/irule-for-restricting-selected-ips-for-not-using-tlsv1-and-11-60288
- vvskaladhar_488
  Nimbostratus
  Jun 25, 2018
  HI Jason,
  
  I have tried above but it did not helped. more over i am not users client and server SSL profiles. its all client profile which was tagged to the VIP.
  
  when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] eq $TLSV1.0_1.1_Disable ]} { SSL::profile kaladhar.adc.com_TLS } else { SSL::profile kaladhar.adc.com_client-ssl } }
  
  I created Data group with Name :TLSV1.0_1.1_Disable ( added one of the testip from interent) created 2 profiles 1 with TLSv1.0 and 1.1 disable and on has no disabled of TLS enabled TLSv1.0 . After tagging this irule i see the url stooped working and unable to run qualys scan.and getting below error for all the users.
  
  Assessment failed: No secure protocols supported .
AceDawg_204810
Cirrus
Jun 22, 2018
I think you had another post that refers to the same project:

https://devcentral.f5.com/questions/irule-for-restricting-selected-ips-for-not-using-tlsv1-and-11-60288
- vvskaladhar_488
  Nimbostratus
  Jun 25, 2018
  HI Jason,
  
  I have tried above but it did not helped. more over i am not users client and server SSL profiles. its all client profile which was tagged to the VIP.
  
  when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] eq $TLSV1.0_1.1_Disable ]} { SSL::profile kaladhar.adc.com_TLS } else { SSL::profile kaladhar.adc.com_client-ssl } }
  
  I created Data group with Name :TLSV1.0_1.1_Disable ( added one of the testip from interent) created 2 profiles 1 with TLSv1.0 and 1.1 disable and on has no disabled of TLS enabled TLSv1.0 . After tagging this irule i see the url stooped working and unable to run qualys scan.and getting below error for all the users.
  
  Assessment failed: No secure protocols supported .
JRahm
Admin
Jun 22, 2018
The base iRule you are looking for is in the SSL::profile wiki page examples.

Forum Discussion

irule required.

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

F5 BIG-IP Sizing Requirement

F5 LTM TCP traffic can't be meet this require

Node name requirements

Commoditized Software Requires Protection

How to create an irule for below mentioned requirement

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS