SSL::cipher
Description
Returns an SSL cipher name, its version, and the number of secret bits
used.
Syntax
SSL::cipher name
SSL::cipher version
SSL::cipher bits
SSL::cipher name
- Returns the current SSL cipher name using the format of the OpenSSL SSL_CIPHER_get_name() function (e.g. “EDH-RSA-DES-CBC3-SHA” or “RC4-MD5”).
SSL::cipher version
- Returns the current SSL cipher version using the format of the OpenSSL SSL_CIPHER_get_version() function (e.g. “SSLv2”, “SSLv3”, “TLSv1”, “TLSv1.1”, “TLSv1.2”).
SSL::cipher bits
- Returns the number of secret bits that the current SSL cipher used, using the format of the OpenSSL SSL_CIPHER_get_bits() function (e.g. 256, 128 or 40).
Examples
when HTTP_REQUEST {
    # Check encryption strength
    if { [SSL::cipher bits] >= 128 } {
        pool web_servers
    } else {
        # Client is using a weak cipher.
        # Use one of the destination commands below; the alternatives are commented out.
        # Either specify a pool
        pool sorry_servers
        # or send to a specific node
        # node 10.10.10.10
        # or send a 302 response to redirect to a specific URL.
        # Set cache control headers to prevent proxies from caching the response.
        # HTTP::respond 302 Location "http://some_address/sorry.html" Cache-Control No-Cache Pragma No-Cache
    }
}
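
A check on SSL::cipher bits alone still admits RC4-MD5, which uses a 128-bit key, and says nothing about the protocol version, so the iRule below combines all three subcommands. It is an added example, not F5's own code: the deny patterns, log facility and variable names are assumptions, and the pool names are reused from the example above.

```tcl
# Added example (not from the original page). Assumes a client SSL profile
# is attached to the virtual server so CLIENTSSL_HANDSHAKE fires.
when CLIENTSSL_HANDSHAKE {
    # Capture the negotiated parameters once per handshake.
    set cipher_name    [SSL::cipher name]
    set cipher_version [SSL::cipher version]
    set cipher_bits    [SSL::cipher bits]

    set weak 0
    set reason ""

    # 1. Protocol version: treat SSLv2 and SSLv3 as weak regardless of key size.
    switch -- $cipher_version {
        "SSLv2" -
        "SSLv3" { set weak 1; set reason "legacy protocol" }
    }

    # 2. Cipher name: assumed deny patterns for RC4, DES/3DES, MD5, export and NULL suites.
    if { !$weak } {
        switch -glob -- $cipher_name {
            "*RC4*" -
            "*DES*" -
            "*MD5*" -
            "EXP-*" -
            "*NULL*" { set weak 1; set reason "legacy algorithm" }
        }
    }

    # 3. Secret bits: the threshold used in the page's own example.
    if { !$weak && $cipher_bits < 128 } {
        set weak 1
        set reason "short key"
    }

    if { $weak } {
        log local0.warning "weak TLS from [IP::client_addr]: $cipher_name $cipher_version $cipher_bits bits ($reason)"
    }
}

when HTTP_REQUEST {
    # Connection-scoped variable set during the handshake decides the destination.
    if { $weak } {
        pool sorry_servers
    } else {
        pool web_servers
    }
}
```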