ltm rule command SSL enable
iRule(1) BIG-IP TMSH Manual iRule(1)
SSL::enable
Re-enables SSL processing.
SYNOPSIS
SSL::enable (clientside | serverside)?
DESCRIPTION
Re-enables SSL processing.
Note that the proper use of this command is highly protocol dependent
and not recommended in the majority of cases. To selectively enable SSL
processing, you should instead use an ssl profile and then use
SSL::disable to selectively disable SSL processing.
If a server-side connection is already established, this command will
immediately cause the system to generate a Client Hello to a server,
even if an iRule subsequently invokes SSL::disable serverside. That is,
the command synchronously enables the Server SSL profile, instead of
waiting until the end of the current iRule event execution.
RETURN VALUE
SSL::enable [clientside | serverside]
Re-enables SSL processing on one side of the LTM.
serverside parameter may optionally be specified to indicate the
context in which SSL will be enabled. By default, it will be enabled in
the current context (i.e., running "SSL::enable" in a clientside event
with no context parameter specified will enable clientside SSL).
VALID DURING
ANY_EVENT
EXAMPLES
when CLIENT_ACCEPTED {
if { !([IP::addr [IP::client_addr] eq 10.0.0.0/8]) } {
SSL::enable
TCP::release
set sslenable 0
}
}
HINTS
SEE ALSO
- allows either clear text or TLS encrypted
communication with SMTP protocol - This iRule allows
either clear text or TLS encrypted communication with the LTM
initiating the encryption process if it sees the appropriate "starttls"
command in the SMTP communication. -
Server Name Indication (TLS SNI) allows dynamic selection of clientssl
profiles and pools
CHANGE LOG
@BIGIP-9.0.0 --First introduced the command.
BIG-IP 2017-01-31 iRule(1)