ltm rule command SSL disableΒΆ

iRule(1)						BIG-IP TMSH Manual						  iRule(1)

SSL::disable
       Disables SSL processing.

SYNOPSIS
       SSL::disable (clientside | serverside)?

DESCRIPTION
       Disables SSL processing. This command is useful when using a virtual server that services both SSL and non-SSL traffic, or
       when you want to selectively re-encrypt traffic to pool members.

       Note: Disabling SSL on the serverside only applies before serverside connection has been established (SERVER_CONNECTED) or
       when the clientside of the connection is in a detached state (e.g., oneconnect, LB::detach).

RETURN VALUE
       SSL::disable [clientside | serverside]
	   Disables SSL processing on one side of the LTM. Sends an SSL alert to the peer requesting termination of SSL
       processing.
	   By default, the side that is disabled is the currently running context (so, running SSL::disable in a client-side event
       will disable client-side SSL). This can be changed via the "clientside" or "serverside" parameter.

VALID DURING
       ANY_EVENT

EXAMPLES
	when CLIENT_ACCEPTED {
	    if { [TCP::local_port] == 80 } {
		SSL::disable
		pool myPool
	    } elseif { [TCP::local_port] == 443 } {
		pool myPool
	    } else {
		discard
	    }
	}

	when HTTP_REQUEST {
	    set usessl 0
	    if { [string tolower [HTTP::uri]] starts_with "/secure" } {
		pool ssl__pool
		set usessl 1
	    } else {
		pool static_pool
		set usessl 0
	    }
	}
	when SERVER_CONNECTED {
	    if { $usessl == 0 } {
		SSL::disable
	    }
	}

	when HTTP_REQUEST {
	    if { [HTTP::uri] starts_with "/old"}{
		SSL::disable serverside
		pool TestPool1
	    } else {
		pool TestPool2
	    }
	}

HINTS
SEE ALSO
       How To Avoid SSL Handshake When No Pool Member Available
        - Rejects connection before
       handshake if no pool members are available HTTPS passthrough fallback URL
        - This iRule allows an administrator to pass
       HTTPS traffic through the BIG-IP...  SMTP Start TLS  - allows
       either clear text or TLS encrypted communication with SMTP protocol SMTPStartTLS
        - This iRule allows either clear text or TLS encrypted
       communication with the LTM initiating the encryption process if it sees the appropriate "starttls" command in the SMTP
       communication.  TLS Server Name Indication  - Server
       Name Indication (TLS SNI) allows dynamic selection of clientssl profiles and pools

CHANGE LOG
       @BIGIP-9.0.0 --First introduced the command.

BIG-IP							    2022-04-12							  iRule(1)