SSL Information in Client Request Headers

This article relates to LoadMaster firmware version 7.2.52.

In LoadMaster firmware version 7.2.52, a new check box called Add Received Cipher Name was added to the SSL Properties section of the Virtual Service modify screen for HTTP/HTTPS Virtual Services. This option is disabled by default, which means there is no change from the behavior in previous releases. When this option is enabled, the LoadMaster adds the headers described in the table below.

The information in these headers can also be used in content rules: include the associated content rule variable from the table below in the rule. This makes it possible to base load balancing decisions on, for example, the cipher used.

This information is also useful as you maintain cipher sets over time: it lets you see which ciphers are being used and can help you plan which ciphers to change or delete in the cipher sets. The Add Received Cipher Name check box must be enabled for these variables to work.

| Header | Description | Example Value | Content Rule Variable |
|---|---|---|---|
| X-SSL-Cipher | The cipher used. | X-SSL-Cipher: ECDHE-RSA-AES256-GCM-SHA384 | ssl-cipher |
| X-SSL-Protocol | The SSL protocol version used. | X-SSL-Protocol: TLSv1.2 | ssl-version |
| X-SSL-Serialid | The Virtual Service certificate serial number. | X-SSL-Serialid: 4900000006A2ABDC165ACEAD55000000000006 | ssl-clientserialid |
| X-SSL-ClientSerialid | The client certificate serial number. | X-SSL-ClientSerialid: 490000005D6898F3C7E590536100010000005D | ssl-serialid |
| X-SSL-SNIHost | The value of the received SNI name. | X-SSL-SNIHost: sni.test.com | ssl-sni |
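
For the cipher-set review described above, a Real Server can tally the X-SSL-Cipher and X-SSL-Protocol headers it receives. The following is an added example, not part of the original article or of the LoadMaster product. The LoadMaster address, the OpenSSL-style protocol names other than TLSv1.2, the function names and the "retire" policy are all assumptions.

```python
from collections import Counter
from ipaddress import ip_address

# Assumption: address the LoadMaster uses to reach this Real Server (constructed).
TRUSTED_LB = {ip_address("10.0.0.10")}
# Assumption: local policy for what is due for removal from a cipher set.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}
WEAK_MARKERS = ("RC4", "DES-CBC3", "MD5", "NULL", "EXP")


def cipher_inventory(records):
    """Tally (protocol, cipher) pairs from (peer_ip, headers) request records."""
    usage, untrusted, missing = Counter(), 0, 0
    for peer_ip, headers in records:
        # Any client can send headers with these names; only count LoadMaster traffic.
        if ip_address(peer_ip) not in TRUSTED_LB:
            untrusted += 1
            continue
        # HTTP header names are case-insensitive; normalise before lookup.
        h = {k.lower(): v.strip() for k, v in headers.items()}
        cipher, proto = h.get("x-ssl-cipher"), h.get("x-ssl-protocol")
        if not cipher or not proto:
            missing += 1  # e.g. Add Received Cipher Name not enabled
            continue
        usage[(proto, cipher)] += 1
    return usage, untrusted, missing


def retirement_candidates(usage):
    """Return {(protocol, cipher): hits} for pairs the local policy flags."""
    flagged = {}
    for (proto, cipher), hits in usage.items():
        no_fs = proto != "TLSv1.3" and not cipher.startswith(("ECDHE-", "DHE-"))
        weak = any(marker in cipher.upper() for marker in WEAK_MARKERS)
        if proto in LEGACY_PROTOCOLS or no_fs or weak:
            flagged[(proto, cipher)] = hits
    return flagged


# Constructed sample records: (peer address, request headers).
GOOD = "ECDHE-RSA-AES256-GCM-SHA384"
SAMPLE = [
    ("10.0.0.10", {"X-SSL-Cipher": GOOD, "X-SSL-Protocol": "TLSv1.2"}),
    ("10.0.0.10", {"x-ssl-cipher": GOOD, "x-ssl-protocol": "TLSv1.2"}),
    ("10.0.0.10", {"X-SSL-Cipher": "AES128-SHA", "X-SSL-Protocol": "TLSv1"}),
    ("10.0.0.10", {"X-SSL-Cipher": "DES-CBC3-SHA", "X-SSL-Protocol": "TLSv1.2"}),
    ("203.0.113.7", {"X-SSL-Cipher": GOOD, "X-SSL-Protocol": "TLSv1.2"}),
    ("10.0.0.10", {"Host": "sni.test.com"}),
]
```

Ciphers that never appear in the tally over a representative period are candidates for removal from the cipher set; flagged pairs with hits show which clients still need migrating first.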

Application Programming Interface (API) Details

To enable or disable the PassCipher parameter, run the following command:

/access/modvs?vs=<VirtualServiceIPAddress>&prot=<Protocol>&port=<Port>&PassCipher=<0/1>

0 - Disabled

1 - Enabled

For further details on the RESTful API in general, refer to the Long Term Support (LTS) RESTful API Interface Description document.

For PowerShell help, run the Get-Help command for the relevant commands.
