Forum Discussion

Cindy_127211's avatar
Cindy_127211
Icon for Nimbostratus rankNimbostratus
Oct 20, 2005

Rule Reading SSLCipher Not working

Sorry for the really long post....I have been struggling with this for awhile now and would really appreciate any assistance!     I have created a rule for processing SSL version and encryption ...
application delivery
dev
devops
iRules
unRuleY_95363's avatar
unRuleY_95363
Historic F5 Account
Oct 20, 2005
I think it's simply a matter of logical grouping. In 4.x, we made the precedence of the "not" operator lower than the "and" operator. In 9.x, since we are based on Tcl, we inherited the precedence orders of Tcl. The "not" (or !) operator is now higher precendence than the logical operators. So, logically, that result of that if expression will be true when the cipher is not in the version class and does contain the proper bits.

Try adding parenthesis around the two matchclass commands like so:

if { ! ( [matchclass [HTTP::header SSLClientCipher] contains $::SSLVersion_Class] and [matchclass [HTTP::header SSLClientCipher] contains $::Encrypt_Class] ) } {

Also, you can add some log commands to confirm whether or not your logic is going where you expect.