Forum Discussion
Kai_Wilke
Feb 25, 2016 MVP
Hi Almassud,
This snippet should work and provides some compliance check results to the error page...
when CLIENTSSL_HANDSHAKE {
    # Record why the handshake is non-compliant; empty means TLSv1.2 was negotiated
    if { [SSL::cipher version] equals "TLSv1.2" } then {
        set deny_reason ""
    } else {
        set deny_reason [URI::encode [b64encode "Denied SSL Handshake for Client [IP::client_addr]:[TCP::client_port] using [SSL::cipher version], [SSL::cipher name] and [SSL::cipher bits]"]]
    }
}
when HTTP_REQUEST {
    # Send non-compliant clients to the error page with the encoded reason
    if { $deny_reason ne "" } then {
        HTTP::redirect "http://www.domain.de/errorpage.html?reason=$deny_reason"
        TCP::close
        event disable all
        return
    }
}
Note: Keep in mind that you have to allow the legacy SSL/TLS version in your Clientside SSL Profile. The security check is then performed in the outlined iRule.
Cheers, Kai
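The error-page side of this redirect, as an added example that is not part of the post above: it decodes the `reason` parameter, accepts it only if it matches the exact message format the iRule builds, and writes it to the page as text. The function names, the `deny-reason` element id and the sample client address are assumptions made for illustration.

```javascript
// Added example (not from the original post). Function names and the
// "deny-reason" element id are hypothetical.

// Exact shape of the string the iRule builds before base64-encoding it.
const REASON_RE = new RegExp(
  "^Denied SSL Handshake for Client ([0-9A-Fa-f:.%]+):(\\d{1,5}) " +
  "using ([A-Za-z0-9.]+), ([A-Za-z0-9_-]+) and (\\d{1,4})$");

// Returns the parsed fields, or null if the parameter is missing, oversized,
// not valid base64, or does not match the expected message.
function parseDenyReason(pageUrl) {
  const raw = new URL(pageUrl).searchParams.get("reason");
  if (!raw || raw.length > 512) return null;
  // A literal "+" that was not percent-encoded arrives as a space.
  const b64 = raw.replace(/ /g, "+");
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) return null;
  let text;
  try {
    text = atob(b64);
  } catch (e) {
    return null;
  }
  const m = REASON_RE.exec(text);
  if (!m) return null;
  return { client: m[1], port: Number(m[2]), version: m[3],
           cipher: m[4], bits: Number(m[5]) };
}

// Writes the result as text only: anyone can craft the query string,
// so it never goes through innerHTML.
function renderDenyReason(doc, pageUrl) {
  const r = parseDenyReason(pageUrl);
  doc.getElementById("deny-reason").textContent = r
    ? `Connection refused: ${r.version} with ${r.cipher} (${r.bits} bits) is not allowed.`
    : "Connection refused: your browser's TLS version is not allowed.";
}

// Constructed sample URL in the format the iRule redirect produces.
function sampleUrl(message) {
  return "http://www.domain.de/errorpage.html?reason=" +
    encodeURIComponent(btoa(message));
}

if (typeof document !== "undefined") renderDenyReason(document, location.href);
```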