DJ2
Apr 13, 2023

iRule to Separate TLS 1.0 and TLS 1.2 on the same VIP

I have a VIP that only uses TLS 1.0 and 1.1, but I just got a request: let's say out of 200 apps running behind the one VIP, the dev team wants to set 20 apps (URLs) within that VIP to use only TLS 1.2, and the remaining sites in that one VIP will continue to use TLS 1.0 and/or 1.1.

My question is, can an iRule be created to do this kind of TLS separation behind the one VIP?

Thank you 

 

1 Reply

  • DJ2 I think the easiest option here, if the clients can use SNI, is to configure two different SSL certs that have different FQDNs associated with them. You can split it that way because you can associate different SSL ciphers with the two individual SSL client profiles. I don't believe you can do this without SNI, because the F5 is not able to see the Host header until after the SSL handshake process completes, which is after the cipher suite is selected. With SNI, the FQDN that is being used from the client side is sent in the initial request, so you can select the appropriate SSL client profile, which will have the associated SSL ciphers and TLS that you would like for that group of names.