Forum Discussion

tetsuro's avatar
tetsuro
Icon for Nimbostratus rankNimbostratus
Dec 12, 2018

SSL disable/enable based on SSL Cipher

I want to enable/disable SSL based on SSL Cipher version. I have created the following iRule, but it does not work as expected.

when CLIENTSSL_CLIENTHELLO { 
    log local0. "[SSL::cipher version]"
    if { [SSL::cipher version] <= "TLSv1.2" } {
        SSL::disable
        pool pool_1
}
    else {
        SSL::enable
        pool pool_2
    }
}

I confirming that traffic forward with the specified Pool.

Could you tell me how to make the expected behavior?

1 Reply

  • Hi,

     

    You want to disable SSL in server side? or client side?

     

    Because if you want to disable SSL on client side it will be dificult. because your negotiation ssl is already started, that's what allows you to determine the protocol...

     

    Can you explain exactly your context / need (why you want to do this). we could give you a better alternative.

     

    regards