Forum Discussion

Altocumulus

Sep 28, 2017

SSL fallback help

Hi, we have a SSL VIP that currently only supports TLS1.2 (via ciphers) anything else will fail which is great. We are launching a new public website soon that we would like older clients to be able...

Nimbostratus

Sep 28, 2017

Since the TLS handshake happens before the request and we can tell what type of browser this is, we can't really say what type of browsers are allowed to use which ciphers. I suppose you could set up an iRule to examine the request and force a renegotiation with a different profile but that will be a bit unwieldy I think. I think sooner or later you just have to make a decision to not support older and insecure browsers.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSL fallback help

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

SSL Orchestrator Service Extensions: DoH Guardian

HTTPS passthrough fallback URL

wccp configuration for SSL Orchestrator

SSL Profiles Part 6: SSL Renegotiation

Transparent Kerberos Authentication and APM fallback authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS