Make a copy of all existing clientssl profiles requiring TLS1.2

Problem this snippet solves:

This will let you make a copy of all existing clientssl profiles (old one will be the parent of the new one) requiring TLS1.2.

How to use this snippet:

First, it gets a list of all of your client ssl profiles which are assigned to virtual servers (NOTE, This assumes that your tcp profiles have the text "tcp" in their name and that your clientssl profiles DO NOT have "tcp" in the name).

Second, it makes a new clientssl profile with the old one as the parent. The only change will be ciphers. The new one will be called oldprofile-tls12. You can call them whatever you want.

Code :

tmsh list ltm virtual all |grep clientside -B 1|grep -v tcp|grep -v clientside|sed 's/{//g'|grep -v "\-\-"|sort|uniq|awk '{print $1}' > clientssl.txt

for i in `cat clientssl.txt` do
tmsh create ltm profile client-ssl $i-tls12 defaults-from $i ciphers 'TLSv1_2:!DES-CBC-SHA:!DH:!ADH:!EDH:!EXPORT:!RC4-SHA:!RC4-MD5:!DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA'
sleep 1
done

Tested this on version:

11.5
Published May 03, 2018
Version 1.0
application delivery
BIG-IP

Was this article helpful?

No CommentsBe the first to comment