Use different ciphers for a host when using policies

Question

Hello,&nbsp;
I was wondering if it possible to use different ciphers for different hosts (e.g test123.com) when using policies to forward traffic to different pools on the same virtual server? &nbsp;
I can't modify the whole ssl client profile that is attached to the virtual server because tightened ciphers could break some sites that are not test123.com&nbsp;
BR &nbsp;
Teemu&nbsp;

srini_87152 · Answer

I dont think its possible, i was testing same thing with SNI SSL profiles but they are not working if profiles are on diff chipers.&nbsp;
i hope,all SSL profile should have same ciphers.&nbsp;
Let see if any one tested diff way.&nbsp;
Thx&nbsp;
Srini&nbsp;

teemu_kunnari_1 · Answer

But there is the option when configuring a policy:&nbsp;
Match all of the following conditions:
CLIENT SSL cipher is any of  at request time
and then add the HTTP Host is  &nbsp;
Shouldn't this work?&nbsp;
br &nbsp;
teemu&nbsp;

andy_mcgrath · Answer

You can do by enabling renegotiation with the SSL Profiles and swapping but this is not a recommended solution.&nbsp;
First the security issues, second all connections would go through multiple SSL connections so slowing things down.&nbsp;
Recommend configuring multiple Virtual Severs with different SSL Profiles. Simple, more secure and easy to manage than a complex set of iRules.&nbsp;

Forum Discussion

Use different ciphers for a host when using policies

Recent Discussions

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

Cipher Suite Practices and Pitfalls

Different policies same destination and pool

LTM Cipher rule

Cipher Suites Supported (12.1.5.3)

LTM policy to route traffic to different pools

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS