Forum Discussion
madi_56757
Nimbostratus
Nimbostratusverifying ssl encryption
Hello
Is it possible to verifying in a irule the client encrypton of ssl
The problem is i will configure a VIP to terminate the SSL (443)
and if the encryption gre...
Thomas_SchaeferNimbostratus
NimbostratusI know this is an old thread, but I have a specific question about it. I setup a test with a tool called THCSSLCheck. It basically lists the ciphers that the server supports. This is similar to when the site is scanned by our infosec folks and they report to us that a site supports keys less than 128 bits. The issue is that I created an iRule to redirect users to apage to tell them why we are rejecting the session. It appears that the SSL session must already be established as even with this iRule, the scanner still shows us accepting the weak keys. Is it possible to have an iRUle look at the cipher bits and not complete the SSL session if the cipher is not at least 128 bits. Note that the iRule works just fine and the redirect works, but I will still end up getting scanner results that show it supported. Note that is I reject the connection in CLIENTSSL_HANDSHAKE I get the same behavior as if I disabled the weak ciphers in the profile. I guess I want it both ways in that I want to reject the SSL session but I also want to send a redirect.
Thanks for you consideration
Tom
