Solved
Forum Discussion
mihaic
MVP
Usually, you have an SSL client profile per virtual server, right? I don't see why you want to do it in an irule.
You can try to reject the connection if it has a TLS version, but I don't know if you can change the TLS version:
when CLIENTSSL_CLIENTHELLO {
if {([SSL::cipher version] equals "TLSv1.1") || ([SSL::cipher version] equals "TLSv1")} {
log local0. "DETECTED-TLSv1-CONNECTION - LOG_SSL_LEVEL - REJECT Client: [IP::client_addr] [SSL::cipher version] - [SSL::cipher name] - [SSL::cipher bits] - For the VIP - [virtual name]"
reject }
else
{
log local0. "DETECTED-TLSv1-CONNECTION - LOG_SSL_LEVEL - ACCEPT Client: [IP::client_addr] [SSL::cipher version] - [SSL::cipher name] - [SSL::cipher bits] - For the VIP - [virtual name]"
}
}
Cpet
Feb 22, 2023Altocumulus
In that case i have many VS with the same SSL profile and I wanted to know if it was possible to do it with an irule.
I will try the suggested irule.
Thanks