Configuring SSLv2 Redirection

Sep 01, 2016

For an SSL transaction to be initiated and the SSL handshake to complete successfully, the server and the client must agree on an SSL protocol version that both of them support. If the SSL protocol version supported by the client is not acceptable to the server, the server does not go ahead with the transaction, and an error message is displayed.

You can configure the server to display a precise error message (user-configured or internally generated) advising the client on the next action to be taken. Configuring the server to display this message requires that you set up SSLv2 redirection.

To configure SSLv2 redirection by using the command line interface

At the command prompt, type the following commands to configure SSLv2 redirection and verify the configuration:

  • set ssl vserver <vServerName> [-sslv2Redirect ( ENABLED | DISABLED ) [-sslv2URL <URL>]]
  • show ssl vserver <vServerName>

Example

 
> set ssl vserver vs-ssl -sslv2Redirect ENABLED -sslv2URL http://sslv2URL 
 Done 
> show ssl vserver vs-ssl 
 
        Advanced SSL configuration for VServer vs-ssl: 
        DH: DISABLED 
        Ephemeral RSA: ENABLED          Refresh Count: 1000 
        Session Reuse: ENABLED          Timeout: 600 seconds 
        Cipher Redirect: DISABLED         
        SSLv2 Redirect: ENABLED Redirect URL: http://sslv2URL 
        ClearText Port: 0 
        Client Auth: DISABLED 
        SSL Redirect: DISABLED 
        Non FIPS Ciphers: DISABLED 
        SSLv2: DISABLED SSLv3: ENABLED  TLSv1: ENABLED 
 
1)      CertKey Name: Auth-Cert-1       Server Certificate 
 
1)      Cipher Name: DEFAULT 
        Description: Predefined Cipher Alias 
 Done
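
The verification step above can also be scripted against saved CLI output. The following Python script is an added example, not part of the product documentation: it parses show ssl vserver output (the sample is constructed from the example above) and reports whether SSLv2 redirection is in effect. The function names are illustrative, and the script assumes that a disabled redirect prints as "SSLv2 Redirect: DISABLED" with no Redirect URL field.

```python
import re

# Constructed sample: "show ssl vserver vs-ssl" output as printed in the example above.
SAMPLE = """\
        Advanced SSL configuration for VServer vs-ssl:
        DH: DISABLED
        Ephemeral RSA: ENABLED          Refresh Count: 1000
        Session Reuse: ENABLED          Timeout: 600 seconds
        Cipher Redirect: DISABLED
        SSLv2 Redirect: ENABLED Redirect URL: http://sslv2URL
        ClearText Port: 0
        Client Auth: DISABLED
        SSL Redirect: DISABLED
        Non FIPS Ciphers: DISABLED
        SSLv2: DISABLED SSLv3: ENABLED  TLSv1: ENABLED
"""

# One output line can hold several "Label: value" pairs, and a value may itself
# contain a colon (the URL), so match a label, a colon, whitespace, one token.
FIELD = re.compile(r"([A-Z][A-Za-z0-9 ]*?):[ \t]+(\S+)")


def parse_vserver(output):
    """Return {label: value} for every field found in the show output."""
    fields = {}
    for line in output.splitlines():
        for label, value in FIELD.findall(line):
            fields[label] = value
    return fields


def check_sslv2_redirect(output):
    """Return a list of findings; an empty list means the redirect is set up."""
    f = parse_vserver(output)
    findings = []
    if f.get("SSLv2 Redirect") != "ENABLED":
        findings.append("SSLv2 Redirect is not ENABLED")
    elif not re.match(r"https?://\S+$", f.get("Redirect URL", "")):
        findings.append("SSLv2 Redirect is ENABLED but no usable Redirect URL is set")
    # Assumption from the text above: the redirect only applies when SSLv2 is refused.
    if f.get("SSLv2") != "DISABLED":
        findings.append("SSLv2 is not DISABLED, so SSLv2 clients are accepted, not redirected")
    return findings


if __name__ == "__main__":
    for finding in check_sslv2_redirect(SAMPLE) or ["OK: SSLv2 clients are redirected"]:
        print(finding)
```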

To configure SSLv2 redirection by using the configuration utility

  1. Navigate to Traffic Management > Load Balancing > Virtual Servers, and open a virtual server.
  2. In the SSL Parameters section, select SSLv2 Redirect, and specify a URL.