Forum Discussion

Cirrus

Sep 22, 2023

Solved

Cipher suite mismatch advertisement/warning

Hi, this issue is linked to: https://community.f5.com/t5/technical-forum/cipher-suites-supported-12-1-5-3/m-p/321291#M271493 Finally we have decided to leave only ECDHE ciphers. As I said, mayb...

announcement

event

security

Paulius
Sep 23, 2023
Martin182 So in iRule event CLIENTSSL_CLIENTHELLO is when the SSL ciphers are sent and then in CLIENTSSL_HANDSHAKE is when the SSL handshake finishes for an HTTPS connection. You would not be able to send any redirect or message until you reached the HTTP_REQUEST event occurs which is after the HTTPS connection establishes. If you cannot establish and HTTPS connection then you cannot send a message back to the client. This is the reason why I was stating that prior to your chipher change date you should have the website in question have a popup stating the cipher change and then a link to where they can go to validate the SSL ciphers that their browser supports.

Paulius

MVP

Sep 23, 2023

Martin182 So in iRule event CLIENTSSL_CLIENTHELLO is when the SSL ciphers are sent and then in CLIENTSSL_HANDSHAKE is when the SSL handshake finishes for an HTTPS connection. You would not be able to send any redirect or message until you reached the HTTP_REQUEST event occurs which is after the HTTPS connection establishes. If you cannot establish and HTTPS connection then you cannot send a message back to the client. This is the reason why I was stating that prior to your chipher change date you should have the website in question have a popup stating the cipher change and then a link to where they can go to validate the SSL ciphers that their browser supports.