Issue on disabling TLS 1.0 / TLS 1.1
Hello,
We have a problem with an LTM (Local Traffic Manager) when we turn off TLS 1.0 and 1.1. When these protocols are disabled in the SSL profiles, the F5 does not return any error to the client. We would like to disable these protocols and return an HTML code to our clients when they go to the website.
We have prepared an iRule that looks like this:
when HTTP_REQUEST {
    # Answer with a 503 page unless the connection was negotiated with TLS 1.2
    if { [SSL::cipher version] != "TLSv1.2" } {
        HTTP::respond 503 content {
            my html
        }
    }
}
This iRule works if we don't disable both protocols directly in the SSL profile. On the other hand, when this is the case, the F5 does not even read the iRule. I think it is the trigger condition of the iRule that is wrong: when the handshake fails, there is no HTTP request.
We are looking for a solution to set up an iRule that would return an HTML code or that makes a redirection to another URL in case of SSL handshake failure.
Can someone help me?