Cipher Strength Pool Selection

Problem this snippet solves:

Select a pool based on the client's encryption level.

This rule illustrates how to select a pool based on the client's encryption level.

Code :

rule CipherStrengthPoolSelection {
  when HTTP_REQUEST {
    log local0. "[IP::remote_addr]: SSL cipher strength is [SSL::cipher bits]"
    if { [SSL::cipher bits] < 128 }{
      pool weak_encryption_pool
    } else {
      pool strong_encryption_pool
    }
  }
}
Published Mar 16, 2015
Version 1.0

Was this article helpful?

No CommentsBe the first to comment