For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

adcounts's avatar
adcounts
Icon for Nimbostratus rankNimbostratus
Aug 17, 2015

iRule to provide CIPHER for specifc hosts

I am running into a situation that I think I can fix with an iRule but don't know how to go about writing it. I need to control the CIPHER that is presented to a Client but want it to be different based on the Source Address of the client.

 

For Example: If Client is 10.3.4.2 I want to present them with DEFAULT:SSLv3

 

If Client is 10.1.1.1 I want to present them with DEFAULT:!TLS1_0

 

Can someone please help guide me on how to write this rule. I need to do something like this so that my Server 2008 32-bit servers can still connect to my sites but only present TLSv1.1 and TLSv1.2 to everyone else.

 

application delivery
cipher
devops
iRules
LTM
security

1 Reply

  • Walter_Kacynski's avatar
    Walter_Kacynski
    Icon for Cirrostratus rankCirrostratus
    Aug 17, 2015

    I do this TCL command SSL::profile to change which SSL profile is applied in the CLIENT_ACCEPTED event.

    when CLIENT_ACCEPTED {
  if { ([IP::addr [IP::client_addr] equals 10.3.88.229 ]) || ([IP::addr [IP::client_addr] equals 10.3.91.179 ]) } {
    SSL::profile F5Support-ClientSSL
}