Forum Discussion

Altocumulus

Sep 28, 2017

SSL fallback help

Hi, we have a SSL VIP that currently only supports TLS1.2 (via ciphers) anything else will fail which is great. We are launching a new public website soon that we would like older clients to be able...

Nimbostratus

Sep 28, 2017

Since the TLS handshake happens before the request and we can tell what type of browser this is, we can't really say what type of browsers are allowed to use which ciphers. I suppose you could set up an iRule to examine the request and force a renegotiation with a different profile but that will be a bit unwieldy I think. I think sooner or later you just have to make a decision to not support older and insecure browsers.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)