For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

DP's avatar
DP
Icon for Nimbostratus rankNimbostratus
Jun 21, 2018

STARTTLS Proxy

Hi. I'm trying to setup a TLSv1.0 -> TLSv1.2 proxy for STARTTLS SMTP traffic. We need to disable TLSv1.0 and TLSv1.1, on STARTTLS sessions, for compliance reasons on our mail server. Another requ...
iRules
LTM
security
Anesh's avatar
Anesh
Icon for Cirrostratus rankCirrostratus
Jun 21, 2018

try

 when CLIENT_ACCEPTED {

 SSL::disable
 TCP::collect 3
}

when CLIENT_DATA {

    if { [TCP::payload length] >= 3 } {
          binary scan [TCP::payload 3] H* hex
          log local0. "Payload in HEX: $hex"

          switch $hex {

            "160301" {
        SSL::profile Legacy_Mail
                SSL::enable
             } 
        default {
                SSL::enable
            }           
    }
    }

        TCP::release

}