Configure SSLv2 redirection
To initiate an SSL transaction and complete the SSL handshake, the server and the client must agree on an SSL protocol version that both support. If the protocol version supported by the client is not acceptable to the server, the server does not proceed with the transaction, and an error message is displayed.
You can configure the server to display a precise error message (user-configured or internally generated) advising the client on the next action to be taken. Configuring the server to display this message requires that you set up SSLv2 redirection.
Configure SSLv2 redirection by using the CLI
At the command prompt, type the following commands to configure SSLv2 redirection and verify the configuration:
- set ssl vserver <vServerName> [-sslv2Redirect ( ENABLED | DISABLED ) [-sslv2URL <URL>]]
- show ssl vserver <vServerName>
Example:
set ssl vserver vs-ssl -sslv2Redirect ENABLED -sslv2URL http://sslv2URL
Done
show ssl vserver vs-ssl
Advanced SSL configuration for VServer vs-ssl:
DH: DISABLED
Ephemeral RSA: ENABLED Refresh Count: 1000
Session Reuse: ENABLED Timeout: 600 seconds
Cipher Redirect: DISABLED
SSLv2 Redirect: ENABLED Redirect URL: http://sslv2URL
ClearText Port: 0
Client Auth: DISABLED
SSL Redirect: DISABLED
Non FIPS Ciphers: DISABLED
SNI: DISABLED
OCSP Stapling: DISABLED
HSTS: DISABLED
HSTS IncludeSubDomains: NO
HSTS Max-Age: 0
SSLv2: DISABLED SSLv3: ENABLED TLSv1.0: ENABLED TLSv1.2: ENABLED TLSv1.2: ENABLED
1) CertKey Name: Auth-Cert-1 Server Certificate
1) Cipher Name: DEFAULT
Description: Predefined Cipher Alias
Done
Configure SSLv2 redirection by using the GUI
- Navigate to Traffic Management > Load Balancing > Virtual Servers, and open a virtual server.
- In the SSL Parameters section, select SSLv2 Redirect, and specify a URL.
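To verify the setting across several virtual servers, the `show ssl vserver` output from the CLI section can be checked by script. The following is an added example, not part of the product or its documentation: the function names are hypothetical, the sample text is constructed from the output format shown above, and treating SSLv2 being enabled on the virtual server as a finding is an assumption of this example.

```python
import re

# Constructed sample, trimmed from the `show ssl vserver` output format shown above.
SAMPLE = """\
Advanced SSL configuration for VServer vs-ssl:
Cipher Redirect: DISABLED
SSLv2 Redirect: ENABLED Redirect URL: http://sslv2URL
SSL Redirect: DISABLED
SSLv2: DISABLED SSLv3: ENABLED TLSv1.0: ENABLED TLSv1.2: ENABLED
"""

def parse_vserver(text):
    """Extract the vserver name, SSLv2 redirect state/URL and protocol flags."""
    info = {"name": None, "redirect": None, "url": None, "protocols": {}}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Advanced SSL configuration for VServer (\S+?):?$", line)
        if m:
            info["name"] = m.group(1)
            continue
        m = re.match(r"SSLv2 Redirect:\s*(ENABLED|DISABLED)(?:\s+Redirect URL:\s*(\S+))?", line)
        if m:
            info["redirect"], info["url"] = m.group(1), m.group(2)
            continue
        # The protocol row packs several "<proto>: <state>" pairs on one line.
        if re.match(r"SSLv2:\s", line):
            info["protocols"].update(
                re.findall(r"((?:SSL|TLS)v[\d.]+):\s*(ENABLED|DISABLED)", line))
    return info

def audit(info):
    """Return a list of findings about the SSLv2 redirect configuration."""
    findings = []
    if info["redirect"] is None:
        findings.append("SSLv2 Redirect line not found in output")
    elif info["redirect"] != "ENABLED":
        findings.append("SSLv2 redirect is disabled")
    elif not info["url"]:
        findings.append("SSLv2 redirect is enabled without a redirect URL")
    # Assumption of this example: SSLv2 should stay disabled on the vserver.
    if info["protocols"].get("SSLv2") == "ENABLED":
        findings.append("SSLv2 is enabled on the virtual server")
    return findings

if __name__ == "__main__":
    parsed = parse_vserver(SAMPLE)
    print(parsed["name"], audit(parsed) or "no findings")
```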