Todd_Behrens_20
Dec 08, 2016Nimbostratus
iRule to Log TLSv1.0 Connections Only
Hi Everyone,
I am trying to identify all cleints that still use TLSv1.0 and what browser they use. I created the following iRule to log these connections.
when CLIENTSSL_HANDSHAKE {
if { ( [SSL::cipher version] contains "TLSv1") } then {
set invalid_ssl 1
} else {
set invalid_ssl 0
} }
when HTTP_REQUEST {
if { $invalid_ssl } then {
log local0. "TLSv1 Client: [IP::client_addr] using [SSL::cipher version], [SSL::cipher name] and [SSL::cipher bits] bits using the Agent [HTTP::header value "User-Agent"]"
set invalid_ssl 0
} }
It works but it also includes TLSv1.2 connection. We have a lot of clients and most use 1.2 so i getting way too many logs. Is there a way i can modify this iRule log TLSv1.0 only?
thanks!