iRule to provide CIPHER for specifc hosts

Question

I am running into a situation that I think I can fix with an iRule but don't know how to go about writing it. I need to control the CIPHER that is presented to a Client but want it to be different based on the Source Address of the client. &nbsp;
For Example:
If Client is 10.3.4.2 I want to present them with DEFAULT:SSLv3&nbsp;
If Client is 10.1.1.1 I want to present them with DEFAULT:!TLS1_0&nbsp;
Can someone please help guide me on how to write this rule. I need to do something like this so that my Server 2008 32-bit servers can still connect to my sites but only present TLSv1.1 and TLSv1.2 to everyone else.&nbsp;

walter_kacynski · Answer

I do this TCL command SSL::profile to change which SSL profile is applied in the CLIENT_ACCEPTED event.
when CLIENT_ACCEPTED {
  if { ([IP::addr [IP::client_addr] equals 10.3.88.229 ]) || ([IP::addr [IP::client_addr] equals 10.3.91.179 ]) } {
    SSL::profile F5Support-ClientSSL
}

Forum Discussion

iRule to provide CIPHER for specifc hosts

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Related Content

F5 APM as Service Provider (SP) and Microsoft AzureAD as Identity Provider (IDP)

Cipher Suite Practices and Pitfalls

F5 Distributed Cloud Customer Edge Sites: Deploy rapidly and easily to most platforms and providers

Enable SAML Service Provider on F5 Distributed Cloud Application

LTM Cipher rule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS