Forum Discussion

Martin182's avatar
Martin182
Icon for Nimbostratus rankNimbostratus
Sep 22, 2023

Cipher suite mismatch advertisement/warning

Hi, this issue is linked to: https://community.f5.com/t5/technical-forum/cipher-suites-supported-12-1-5-3/m-p/321291#M271493   Finally we have decided to leave only ECDHE ciphers. As I said, mayb...
  • Paulius's avatar
    Paulius
    Sep 23, 2023

    Martin182 So in iRule event CLIENTSSL_CLIENTHELLO is when the SSL ciphers are sent and then in CLIENTSSL_HANDSHAKE is when the SSL handshake finishes for an HTTPS connection. You would not be able to send any redirect or message until you reached the HTTP_REQUEST event occurs which is after the HTTPS connection establishes. If you cannot establish and HTTPS connection then you cannot send a message back to the client. This is the reason why I was stating that prior to your chipher change date you should have the website in question have a popup stating the cipher change and then a link to where they can go to validate the SSL ciphers that their browser supports.