cancel
Showing results for 
Search instead for 
Did you mean: 

SSL disable/enable based on SSL Cipher

tetsuro
Nimbostratus
Nimbostratus

I want to enable/disable SSL based on SSL Cipher version. I have created the following iRule, but it does not work as expected.

 

when CLIENTSSL_CLIENTHELLO { log local0. "[SSL::cipher version]" if { [SSL::cipher version] <= "TLSv1.2" } { SSL::disable pool pool_1 } else { SSL::enable pool pool_2 } }

I confirming that traffic forward with the specified Pool.

 

Could you tell me how to make the expected behavior?

 

1 REPLY 1

youssef1
Cumulonimbus
Cumulonimbus

Hi,

 

You want to disable SSL in server side? or client side?

 

Because if you want to disable SSL on client side it will be dificult. because your negotiation ssl is already started, that's what allows you to determine the protocol...

 

Can you explain exactly your context / need (why you want to do this). we could give you a better alternative.

 

regards