ltm rule command SSL disableΒΆ

iRule(1)					  BIG-IP TMSH Manual					     iRule(1)

SSL::disable
       Disables SSL processing.

SYNOPSIS
       SSL::disable (clientside | serverside)?

DESCRIPTION
       Disables SSL processing. This command is useful when using a virtual server that services both SSL and non-SSL
       traffic, or when you want to selectively re-encrypt traffic to pool members.

       Note: Disabling SSL on the serverside only applies before serverside connection has been established
       (SERVER_CONNECTED) or when the clientside of the connection is in a detached state (e.g., oneconnect,
       LB::detach).

RETURN VALUE
       SSL::disable [clientside | serverside]
	   Disables SSL processing on one side of the LTM. Sends an SSL alert to the peer requesting termination of
       SSL processing.
	   By default, the side that is disabled is the currently running context (so, running SSL::disable in a
       client-side event will disable client-side SSL). This can be changed via the "clientside" or "serverside"
       parameter.

VALID DURING
       ANY_EVENT

EXAMPLES
	when CLIENT_ACCEPTED {
	    if { [TCP::local_port] == 80 } {
		SSL::disable
		pool myPool
	    } elseif { [TCP::local_port] == 443 } {
		pool myPool
	    } else {
		discard
	    }
	}

	when HTTP_REQUEST {
	    set usessl 0
	    if { [string tolower [HTTP::uri]] starts_with "/secure" } {
		pool ssl__pool
		set usessl 1
	    } else {
		pool static_pool
		set usessl 0
	    }
	}
	when SERVER_CONNECTED {
	    if { $usessl == 0 } {
		SSL::disable
	    }
	}

	when HTTP_REQUEST {
	    if { [HTTP::uri] starts_with "/old"}{
		SSL::disable serverside
		pool TestPool1
	    } else {
		pool TestPool2
	    }
	}

HINTS
SEE ALSO
       How To Avoid SSL Handshake When No Pool Member Available
        - Rejects
       connection before handshake if no pool members are available HTTPS passthrough fallback URL
        - This iRule allows an
       administrator to pass HTTPS traffic through the BIG-IP...  SMTP Start TLS
        - allows either clear text or TLS encrypted
       communication with SMTP protocol SMTPStartTLS  - This
       iRule allows either clear text or TLS encrypted communication with the LTM initiating the encryption process
       if it sees the appropriate "starttls" command in the SMTP communication.  TLS Server Name Indication
        - Server Name Indication (TLS SNI)
       allows dynamic selection of clientssl profiles and pools

CHANGE LOG
       @BIGIP-9.0.0 --First introduced the command.

BIG-IP						      2020-06-23					     iRule(1)