ltm rule command SSL cipher

iRule(1)		      BIG-IP TMSH Manual		      iRule(1)



SSL::cipher
       Returns SSL cipher information.

SYNOPSIS
       SSL::cipher (bits | name | version |
			    (clientlist (-codes)?))

DESCRIPTION
       Returns an SSL cipher name, its version, and the number of secret bits
       used.

RETURN VALUE
       SSL::cipher name
	   Returns the current SSL cipher name using the format of the
        (e.g. "EDH-RSA-DES-CBC3-SHA"
       or "RC4-MD5").

       SSL::cipher version
	   Returns the current SSL cipher version using the format of the
        (e.g. "SSLv2", "SSLv3",
       "TLSv1", "TLSv1.1", "TLSv1.2").

       SSL::cipher bits
	   Returns the number of secret bits that the current SSL cipher used,
       using the format of the  (e.g.
       256, 128 or 40).

VALID DURING
EXAMPLES
	when HTTP_REQUEST {
	    # Check encryption strength
	    if { [SSL::cipher bits] >= 128 } {
		pool web_servers
	    } else {
		# Client is using a weak cipher
		# Use one of the destination commands

		# Either specify a pool
		pool sorry_servers

		# or to a specific node
		node 10.10.10.10

		# or send a 302 response to redirect to a specific URL
		# Set cache control headers to prevent proxies from caching the response.
		HTTP::respond 302 Location "http://some_address/sorry.html" Cache-Control No-Cache Pragma No-Cache
	    }
	}

HINTS
SEE ALSO
       Sample Code:
	    - Select a pool based on the
       client's encryption level.
	    - I had a
       requirement to have the F5 BigIP produce logs which replicated our ...
	    - This iRule
       sends an HTTP redirect to clients who make an HTTP request to an HTTPS
       virtual server
	    - This rule illustrates how to
       redirect a client to an un-encrypted page with an informational error
       if the client does not have at least 128 bits of encryption.

CHANGE LOG
       @BIGIP-9.0.0 --First introduced the command.



BIG-IP				  2017-01-31			      iRule(1)