In LoadMaster version 7.2.52 and above, a new check box called Add Received Cipher Name was added. This option is disabled by default. when this option is enabled, the LoadMaster adds X-SSL headers containing client SSL information such as TLS version, TLS cipher, client certificate serial number, and SNI host as described in below table.

The information contained in these headers can be used in content rules by referencing the appropriate header name in the rule (see the table below). This allows you to make load balancing decisions based on, for example, the cipher used.

This information can also be useful, for example, as you maintain cipher sets over time; it allows you to see which ciphers are being used and can help you plan what ciphers to change or delete in the cipher sets. The Add Received Cipher Name check box must be enabled to use the headers in the table below in content rules.

Header Description Example Value
X-SSL-Cipher The cipher used. X-SSL-Cipher: ECDHE-RSA-AES256-GCM-SHA384
X-SSL-Protocol The SSL protocol version used. X-SSL-Protocol: TLSv1.2
X-SSL-Serialid The Virtual Service certificate serial number. X-SSL-Serialid: 4900000006A2ABDC165ACEAD55000000000006
X-SSL-ClientSerialid The client certificate serial number. X-SSL-ClientSerialid: 490000005D6898F3C7E590536100010000005D
X-SSL-SNIHost The value of the received SNI name. X-SSL-SNIHost: sni.test.com