Inject TLS version into HTTP header

Question

I'm planning to disable support for TLS 1.0, but want to give my users some time to update to modern browsers before I pull the plug on older browsers that don't support TLS 1.1 and 1.2. I'd like to display a message ("It's time to upgrade your browser") in my web app for customers who negotiate a TLS 1.0 connection.&nbsp;
Is it possible to inject an HTTP header (say "tls-version") into the browser's request?&nbsp;

brad_parker_139 · Accepted Answer

Yep, this should do the trick for you.
when HTTP_REQUEST {
    HTTP::header insert "tls-version" [SSL::cipher version]
}

doppler44_23469 · Answer

Brad, thank you. That's much simpler than I thought it would be.

doppler44_23469 · Answer

Brad, thank you. That's much simpler than I thought it would be.

doppler44_23469 · Answer

That did the trick. The header appears with the appropriate value: "TLSv1", "TLSv1.1", or "TLSv1.2".

Thanks again.

doppler44_23469 · Answer

That did the trick. The header appears with the appropriate value: "TLSv1", "TLSv1.1", or "TLSv1.2".

Thanks again.

Forum Discussion

Inject TLS version into HTTP header

7 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Serverside SNI injection iRule

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Automation of OWASP Injection mitigation using F5 Distributed Cloud Platform

Google Analytics script injection

TMOS Version Update Paths