For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

aliasgar215's avatar
aliasgar215
Icon for Nimbostratus rankNimbostratus
Dec 20, 2024

Switch ssl profile based on weak cipher detection via IRULE

Hi Team, I am looking to create an IRULE to switch ssl profile, if weak cipher detected on tls1.2connection   I have created below script but it not accepting on f5 and giving error. Please help m...
event
security
zamroni777's avatar
zamroni777
Icon for MVP rankMVP
Dec 26, 2024

you might not need irules.
the cipher that will be used is selected by tls server and based on order f5 client side ssl profile.
so you just need to 1 cipher list with strong ciphers for new clients and weak ciphers for old clients and properly arrange them from strongest to weakest.

  • aliasgar215's avatar
    aliasgar215
    Icon for Nimbostratus rankNimbostratus
    Dec 26, 2024

    I agree that keeping strong and weak cipher together will get us the same result. But i dont want to disturb the main SSL client profile. So i am looking for a IRULE solution, which can be removed without disturbing any main configuration.