SSL Information in Client Request Headers
This article relates to LoadMaster firmware version 7.2.52.
In LoadMaster firmware version 7.2.52, a new check box called Add Received Cipher Name was added to the SSL Properties section of the Virtual Service modify screen for HTTP/HTTPS Virtual Services. This option is disabled by default, which means there is no change from the behavior in previous releases. When this option is enabled, the LoadMaster adds the headers described in the tables below.
The information obtained from these headers can be used in content rules: include the associated variable from the table below in a rule, and the rule can then be used to make load balancing decisions based on, for example, the cipher used.
This information can also be useful, for example, as you maintain cipher sets over time; it allows you to see which ciphers are being used and can help you plan what ciphers to change or delete in the cipher sets. The Add Received Cipher Name check box must be enabled for these variables to work.
Header | Description | Example Value | Content Rule Variable |
X-SSL-Cipher | The cipher used. | X-SSL-Cipher: ECDHE-RSA-AES256-GCM-SHA384 | ssl-cipher |
X-SSL-Protocol | The SSL protocol version used. | X-SSL-Protocol: TLSv1.2 | ssl-version |
X-SSL-Serialid | The Virtual Service certificate serial number. | X-SSL-Serialid: 4900000006A2ABDC165ACEAD55000000000006 | ssl-clientserialid |
X-SSL-ClientSerialid | The client certificate serial number. | X-SSL-ClientSerialid: 490000005D6898F3C7E590536100010000005D | ssl-serialid |
X-SSL-SNIHost | The value of the received SNI name. | X-SSL-SNIHost: sni.test.com | ssl-sni |
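The cipher-set review described above can be run on the backend from the forwarded headers. The following is an added example, not Kemp code: it tallies X-SSL-Protocol and X-SSL-Cipher values and lists the combinations to review before changing a cipher set. It assumes the real server records request headers as dictionaries; the sample records, the TLSv1.3 and TLSv1 values, and the legacy-protocol policy are constructed for illustration.

```python
from collections import Counter

# Assumption: local policy treats these protocol versions as legacy.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}


def _header(headers, name):
    """Case-insensitive header lookup; returns None when the header is absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip()
    return None


def summarize_tls(requests):
    """Tally (protocol, cipher) pairs and list the pairs worth reviewing."""
    usage, missing = Counter(), 0
    for headers in requests:
        proto = _header(headers, "X-SSL-Protocol")
        cipher = _header(headers, "X-SSL-Cipher")
        if not proto or not cipher:
            missing += 1  # option disabled, or request did not arrive over TLS
            continue
        usage[(proto, cipher)] += 1
    review = {}
    for (proto, cipher), count in usage.items():
        reasons = []
        if proto in LEGACY_PROTOCOLS:
            reasons.append("legacy protocol")
        # Heuristic on OpenSSL-style names: before TLSv1.3, ephemeral key
        # exchange shows up as an ECDHE-/DHE- prefix on the cipher name.
        if proto != "TLSv1.3" and not cipher.startswith(("ECDHE-", "DHE-")):
            reasons.append("no forward secrecy")
        if reasons:
            review[(proto, cipher)] = (count, reasons)
    return usage, review, missing


# Constructed sample: request headers as a backend might log them.
SAMPLE = [
    {"X-SSL-Protocol": "TLSv1.2", "X-SSL-Cipher": "ECDHE-RSA-AES256-GCM-SHA384"},
    {"x-ssl-protocol": "TLSv1.2", "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384"},
    {"X-SSL-Protocol": "TLSv1.3", "X-SSL-Cipher": "TLS_AES_256_GCM_SHA384"},
    {"X-SSL-Protocol": "TLSv1", "X-SSL-Cipher": "AES128-SHA"},
    {"Host": "sni.test.com"},
]

if __name__ == "__main__":
    print(summarize_tls(SAMPLE))
```

Requests counted as missing carried no cipher headers, which is expected for Virtual Services where Add Received Cipher Name is not enabled.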
Application Programming Interface (API) Details
To enable or disable the PassCipher parameter, run the following command:
/access/modvs?vs=<VirtualServiceIPAddress>&prot=<Protocol>&port=<Port>&PassCipher=<0/1>
0 - Disabled
1 - Enabled
For further details on the RESTful API in general, refer to the Long Term Support (LTS) RESTful API Interface Description document.
For PowerShell help, run the Get-Help command for the relevant commands.