Forum Discussion
Kai_Wilke
Dec 08, 2016MVP
Hi Todd,
glad you've found a rule of mine in another thread... 😉
To report just "TLSv1" session, simply change the
contains
operator of the [if]
command to equals
...
when CLIENTSSL_HANDSHAKE {
if { ( [SSL::cipher version] equals "TLSv1") } then {
set invalid_ssl 1
} else {
set invalid_ssl 0
}
}
when HTTP_REQUEST {
if { $invalid_ssl } then {
log local0. "TLSv1 Client: [IP::client_addr] using [SSL::cipher version], [SSL::cipher name] and [SSL::cipher bits] bits using the Agent [HTTP::header value "User-Agent"]"
set invalid_ssl 0
}
}
Cheers, Kai