ltm rule command SSL cipher
iRule(1) BIG-IP TMSH Manual iRule(1)
SSL::cipher
Returns SSL cipher information.
SYNOPSIS
SSL::cipher (bits | name | version | (clientlist (-codes)?))
DESCRIPTION
Returns an SSL cipher name, its version, and the number of secret bits
used.
RETURN VALUE
SSL::cipher name
Returns the current SSL cipher name using the format of the
(e.g. "EDH-RSA-DES-CBC3-SHA"
or "RC4-MD5").
SSL::cipher version
Returns the current SSL cipher version using the format of the
(e.g. "SSLv2", "SSLv3",
"TLSv1", "TLSv1.1", "TLSv1.2").
SSL::cipher bits
Returns the number of secret bits that the current SSL cipher used,
using the format of the (e.g.
256, 128 or 40).
VALID DURING
EXAMPLES
when HTTP_REQUEST {
    # Check encryption strength
    if { [SSL::cipher bits] >= 128 } {
        pool web_servers
    } else {
        # Client is using a weak cipher
        # Use only one of the destination commands below;
        # the alternatives are left commented out.
        # Either specify a pool
        pool sorry_servers
        # or send to a specific node
        # node 10.10.10.10
        # or send a 302 response to redirect to a specific URL
        # Set cache control headers to prevent proxies from caching the response.
        # HTTP::respond 302 Location "http://some_address/sorry.html" Cache-Control No-Cache Pragma No-Cache
    }
}
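A bits-only check accepts RC4-MD5 (a 128-bit cipher) and any 128-bit cipher negotiated over SSLv3, so the following added example, which is not part of the F5 manual, combines all three SSL::cipher values. The policy thresholds, the name patterns, and the use of the CLIENTSSL_HANDSHAKE event are assumptions of this sketch; the pool names are reused from the example above.

```tcl
# Added example; thresholds and name patterns are assumptions, not F5 guidance.
when CLIENTSSL_HANDSHAKE {
    # Record what was negotiated for this connection.
    set tls_name    [SSL::cipher name]
    set tls_version [SSL::cipher version]
    set tls_bits    [SSL::cipher bits]
    set tls_reason  ""

    # 1. Protocol version: a 128-bit cipher over SSLv3 still passes a bits-only check.
    switch -- $tls_version {
        "SSLv2" -
        "SSLv3" -
        "TLSv1" -
        "TLSv1.1" { append tls_reason "legacy protocol; " }
    }

    # 2. Key length, as in the manual's own example.
    if { $tls_bits < 128 } {
        append tls_reason "fewer than 128 secret bits; "
    }

    # 3. Algorithm family: RC4-MD5 is 128-bit, so only the name reveals it.
    if { [string match "*RC4*" $tls_name] ||
         [string match "*DES*" $tls_name] ||
         [string match "*MD5*" $tls_name] } {
        append tls_reason "deprecated algorithm in cipher name; "
    }

    if { $tls_reason ne "" } {
        log local0. "Weak TLS from [IP::client_addr]: $tls_version $tls_name ($tls_bits bits): $tls_reason"
    }
}

when HTTP_REQUEST {
    # Variables set during the handshake are visible here for the same connection.
    # Fail closed: if no handshake result was recorded, treat the client as weak.
    if { ![info exists tls_reason] || $tls_reason ne "" } {
        pool sorry_servers
    } else {
        pool web_servers
    }
}
```

The log line gives a per-client record of which protocol and cipher triggered the rule, which helps size the impact before tightening the client SSL profile's cipher string.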
HINTS
SEE ALSO
Sample Code:
- Select a pool based on the
client's encryption level.
- I had a
requirement to have the F5 BigIP produce logs which replicated our ...
- This iRule
sends an HTTP redirect to clients who make an HTTP request to an HTTPS
virtual server
- This rule illustrates how to
redirect a client to an un-encrypted page with an informational error
if the client does not have at least 128 bits of encryption.
CHANGE LOG
@BIGIP-9.0.0 --First introduced the command.
BIG-IP 2017-01-31 iRule(1)