For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

TMcGov_92811's avatar
TMcGov_92811
Icon for Nimbostratus rankNimbostratus
Dec 08, 2008

iRule to log SSL failures due to weak encryption

I have implemented the following Ciper in an SSL profile per F5 support to prevent SSLv2 or weak encryption schemes from connecting.     ALL:!NULL:!ADH:!LOW:!EXP:RC4+RSA:!SSLv2:+HIGH:+MEDIU...
application delivery
dev
devops
iRules
dennypayne's avatar
dennypayne
Icon for Employee rankEmployee
Dec 08, 2008
If it's getting blocked by the profile, it will never get to the iRule at all. I did a similar rule where the customer wanted to redirect anybody less than 128 bit and not using SSLv3 or TLS to a "Please upgrade your browser" page, and I had to let the profile allow ALL because the iRule won't do anything until the decryption is done.

 

 

Denny