Forum Discussion
Thanks for the information. I did some research and managed to get it running on our infra. Below is the iRule I reworked for a TCP-enabled VIP (without an HTTP profile).
when CLIENTSSL_HANDSHAKE {
    # Log only once per connection; "logged" is a per-connection variable
    if { [info exists logged] && $logged == 1 } {
        # Do nothing. Already logged for this connection
    } else {
        set logged 1
        log "WAARDE TLS1.0 check, from [IP::remote_addr] to vip [IP::local_addr] Cipher [SSL::cipher name]:[SSL::cipher version]:[SSL::cipher bits] "
    }
}
The "Waarde" in bold is the trigger I can use to check in the LTM file from \var\log\ltm
LTM Output example (masked some items with ): Line 429655: Jan 17 08:34:24 slot2/VCMP- info tmm[19343]: 01220002:6: Rule /Common/Irule_TLS1.0_CHECK_LOG_172... : WAARDE TLS1.0 check, from 10... to vip 172... Cipher ECDHE-RSA-AES128-CBC-SHA:TLSv1:128
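An added example, not part of the original post: a Python parser for the log message this iRule writes, grouping legacy-protocol handshakes by client and VIP so the remaining TLS 1.0 clients can be listed. The sample lines, host name, rule name and addresses are constructed; "TLSv1" is the version string shown in the post, while "SSLv3" and "TLSv1.1" are assumed spellings.

```python
import re
from collections import Counter, defaultdict

# Matches the text the iRule logs: marker, client, VIP, then name:version:bits.
LINE_RE = re.compile(
    r"WAARDE TLS1\.0 check, from (?P<client>\S+) to vip (?P<vip>\S+) "
    r"Cipher (?P<cipher>[^:\s]+):(?P<version>[^:\s]+):(?P<bits>\d+)"
)

# "TLSv1" appears in the post's log line; the other two spellings are assumptions.
LEGACY = frozenset({"SSLv3", "TLSv1", "TLSv1.1"})

# Constructed sample input in the shape of the post's /var/log/ltm line.
SAMPLE_LOG = """\
Jan 17 08:34:24 bigip1 info tmm[19343]: 01220002:6: Rule /Common/example_tls_log : WAARDE TLS1.0 check, from 192.0.2.10 to vip 198.51.100.5 Cipher ECDHE-RSA-AES128-CBC-SHA:TLSv1:128
Jan 17 08:34:25 bigip1 info tmm[19343]: 01220002:6: Rule /Common/example_tls_log : WAARDE TLS1.0 check, from 192.0.2.22 to vip 198.51.100.5 Cipher ECDHE-RSA-AES256-GCM-SHA384:TLSv1.2:256
Jan 17 08:34:26 bigip1 notice example[100]: unrelated message
Jan 17 08:34:27 bigip1 info tmm[19343]: 01220002:6: Rule /Common/example_tls_log : WAARDE TLS1.0 check, from 192.0.2.10 to vip 198.51.100.5 Cipher ECDHE-RSA-AES128-CBC-SHA:TLSv1:128
Jan 17 08:34:28 bigip1 info tmm[19343]: 01220002:6: Rule /Common/example_tls_log : WAARDE TLS1.0 check, from 192.0.2.31 to vip 198.51.100.5 Cipher AES128-SHA:TLSv1.1:128
"""


def parse_line(line):
    """Return the fields of one iRule log line, or None for any other line."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["bits"] = int(rec["bits"])
    return rec


def legacy_report(lines, legacy=LEGACY):
    """Map (client, vip) -> Counter of (version, cipher) for legacy handshakes.

    The iRule logs once per connection, so each count is a connection count.
    """
    report = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["version"] in legacy:
            report[(rec["client"], rec["vip"])][(rec["version"], rec["cipher"])] += 1
    return dict(report)


if __name__ == "__main__":
    for (client, vip), seen in sorted(legacy_report(SAMPLE_LOG.splitlines()).items()):
        for (version, cipher), n in seen.most_common():
            print(f"{client} -> {vip}  {version}  {cipher}  connections={n}")
```
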
Hello,
I have a TCP VIP on port 995 with no HTTP Profile or client-ssl profile.
I tried to apply the above iRule and it threw me the following error:
01070394:3: CLIENTSSL_HANDSHAKE event in rule (/Common/TLS-Version-2) requires an associated CLIENTSSL profile on the virtual server (/Common/vs_exchange-2016_pop3_MWDC).
I really need an iRule to help me log the incoming client TLS versions.