Capture Virtual Server Clientssl Profile & Ciphers Mapping - Bash

Problem this snippet solves:

The code will help you capture all client ssl profiles present on the bigip. For every client ssl profile that's there, it will pull its ciphers suite & if the client-ssl profile is referenced in any of the virtuals that's present, if the same clientssl profile is referenced in multiple places, the same will be captured as well.


This code can be modified to serverssl profile and same can be captured vice-versa.

How to use this snippet:

Have to create a script file first. We shall use the /var/tmp/ directory.

Use vi editor to create a file name virtual-clientssl-ciphers.sh

command will be,


vi /var/tmp/virtual-clientssl-ciphers.sh


Then we copy our code from the snippet and place it on the file and save it.


We simply use bash to run,


bash /var/tmp/virtual-clientssl-ciphers.sh


So the output will be on /var/tmp/virtual-clientssl-cipher.csv file.

If you open it on excel, it will look like below,



Code :

#!/bin/bash
echo "Virtual Server, Client-SSL Profile, Cipher" > /var/tmp/virtual-clientssl-cipher.csv
profile_names=`tmsh list ltm profile client-ssl one-line | awk -F" " '{print $4}'`
for x in ${profile_names}
do
ciphers=`tmsh list ltm profile client-ssl $x ciphers | grep ciphers | awk '{print$2}'`
virtual_name=`tmsh list ltm virtual one-line | grep $x | awk -F" " '{print $3}'`
if [ "${virtual_name}" != "" ]
then
for y in ${virtual_name}
do
echo "$y,$x,$ciphers" >> /var/tmp/virtual-clientssl-cipher.csv
done
fi
done

Tested this on version:

13.1
Published Dec 14, 2020
Version 1.0

Was this article helpful?

3 Comments

  • Hello  

    This script from you is really helpful one.

    But there is one message which I get while this script executes. Looks like below,

    [api-status-warning] ltm/profile/client-ssl, properties : deprecated : proxy-ca-cert, proxy-ca-key, proxy-ca-passphrase

    ​Is this something which could cause an impact and needs to be taken care of.

    Thanks Much!​

  • Thats just a warning message stating deprecating tmsh commands are being used. May i know what's your BIGIP version.

    I'm guessing its hitting on line 6, These are just warning messages & can be ignored.