Product Documentation

Configure SSLv2 redirection

For an SSL transaction to be initiated, and for successful completion of the SSL handshake, the server and the client should agree on an SSL protocol that both of them support. If the SSL protocol version supported by the client is not acceptable to the server, the server does not go ahead with the transaction, and an error message is displayed.

You can configure the server to display a precise error message (user-configured or internally generated) advising the client on the next action to be taken. Configuring the server to display this message requires that you set up SSLv2 redirection.

Configure SSLv2 redirection by using the CLI

At the command prompt, type the following commands to configure SSLv2 redirection and verify the configuration:

-  set ssl vserver <vServerName> [-sslv2Redirect ( ENABLED | DISABLED ) [-sslv2URL <URL>]]  
-  show ssl vserver <vServerName>  

Example:

set ssl vserver vs-ssl -sslv2Redirect ENABLED -sslv2URL http://sslv2URL
Done

show ssl vserver vs-ssl

        Advanced SSL configuration for VServer vs-ssl:
        DH: DISABLED
        Ephemeral RSA: ENABLED          Refresh Count: 1000
        Session Reuse: ENABLED          Timeout: 600 seconds
        Cipher Redirect: DISABLED
        SSLv2 Redirect: ENABLED Redirect URL: http://sslv2URL
        ClearText Port: 0
        Client Auth: DISABLED
        SSL Redirect: DISABLED
        Non FIPS Ciphers: DISABLED
        SNI: DISABLED
        OCSP Stapling: DISABLED
        HSTS: DISABLED
        HSTS IncludeSubDomains: NO
        HSTS Max-Age: 0
        SSLv2: DISABLED SSLv3: ENABLED  TLSv1.0: ENABLED TLSv1.2: ENABLED  TLSv1.2: ENABLED

1)      CertKey Name: Auth-Cert-1       Server Certificate

1)      Cipher Name: DEFAULT
        Description: Predefined Cipher Alias
Done

Configure SSLv2 redirection by using the GUI

  1. Navigate to Traffic Management > Load Balancing > Virtual Servers, and open a virtual server.
  2. In the SSL Parameters section, select SSLv2 Redirect, and specify a URL.

Configure SSLv2 redirection