Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

aliasgar215's avatar
aliasgar215
Icon for Nimbostratus rankNimbostratus
Dec 20, 2024

Switch ssl profile based on weak cipher detection via IRULE

Hi Team, I am looking to create an IRULE to switch ssl profile, if weak cipher detected on tls1.2connection   I have created below script but it not accepting on f5 and giving error. Please help m...
event
security
zamroni777's avatar
zamroni777
Icon for MVP rankMVP
Dec 25, 2024

you might not need irules.
the cipher that will be used is selected by tls server and based on order f5 client side ssl profile.
so you just need to 1 cipher list with strong ciphers for new clients and weak ciphers for old clients and properly arrange them from strongest to weakest.

aliasgar215's avatar
aliasgar215
Icon for Nimbostratus rankNimbostratus
Dec 25, 2024

I agree that keeping strong and weak cipher together will get us the same result. But i dont want to disturb the main SSL client profile. So i am looking for a IRULE solution, which can be removed without disturbing any main configuration.