Forum Discussion

mikegray_198028
Mar 06, 2017

report for sslv2 and sslv3

Hello Team,

 

I am looking for a solution for an SSLv2 and SSLv3 report. We enabled SSLv3 globally on one of our LBs due to a legacy application connectivity issue. Can we see the list of clients and VIPs which are still communicating with the lower SSL versions?

 

4 Replies

  • I would just do a tcpdump with a parameter looking for the lower SSL version. If all of them have a common entrance point (a single VIP), you can narrow it down to search just the traffic attempting that virtual server; you can limit it by server IP.

     

  • Just look at the stats for your SSL client profile.

     

    SSH into your Big-IP and then:

     

    tmsh

     

    show /ltm profile client-ssl name_of_your_client-ssl_profile

     

    You will see stats for protocols, ciphers, etc. If your stats are too old, just reset them and then let things run for a while and check your stats again.

     

  • If you have a lot of VSs and profiles, this might work for you, assuming v11+. What it does is list the client-ssl stats of all VSs, pick out the SSLv[2|3] counts and print only those virtual servers that have a count >0 for SSLv2 OR SSLv3. You'll probably want to reset your stats first.

    cheers

    tmsh -q -c "cd /; show ltm recursive virtual detail profiles" | grep -A 26 -i 'clientssl p' |\
     grep -i 'virtual s\| ssl p' | awk '{print}; NR%3==0 {print ""}' |\
     awk 'BEGIN {printf "\n%-70s %5s %5s\n\n", "Virtual Server", "SSLv2", "SSLv3"; FS=" ";RS=""}; \
     {printf "%-70s %5s %5s\n", $5,$11,$17}' | grep -v ' 0 \{5\}0$'
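
The one-liner in the last reply depends on a fixed line count after each profile header (`grep -A 26`) and on field positions, so it breaks if the stats layout shifts. As an added example (not from the thread or from F5), the same report keyed on the line labels instead; the function names are hypothetical, and the sample output is constructed, with a layout assumed from the field positions the one-liner uses.

```shell
#!/bin/sh
# Added example. Reads client-ssl stats on stdin and prints only the virtual
# servers whose SSLv2 or SSLv3 counter is above zero.
# On a BIG-IP the input would come from the command used in the thread:
#   tmsh -q -c "cd /; show ltm recursive virtual detail profiles" | legacy_ssl_report
legacy_ssl_report() {
    awk '
        { line = tolower($0) }
        # A new client-ssl profile block starts: drop values from the last one.
        line ~ /clientssl profile/      { vs = ""; v2 = v3 = 0; next }
        line ~ /virtual server name/    { vs = $NF; next }
        line ~ /ssl protocol version 2/ { v2 = $NF; next }
        line ~ /ssl protocol version 3/ {
            v3 = $NF
            # "+ 0" forces a numeric comparison on the counter text.
            if (vs != "" && (v2 + 0 > 0 || v3 + 0 > 0))
                printf "%s SSLv2=%s SSLv3=%s\n", vs, v2, v3
            vs = ""
        }
    '
}

# Constructed sample input (assumed layout, not captured from a real device).
sample_stats() {
cat <<'EOF'
  | Ltm::ClientSSL Profile: clientssl_legacy
  |   Virtual Server Name          /Common/vs_legacy
  |   SSL Protocol Version 2       0
  |   SSL Protocol Version 3       42
  |   TLS Protocol Version 1.2     7
  | Ltm::ClientSSL Profile: clientssl_modern
  |   Virtual Server Name          /Common/vs_modern
  |   SSL Protocol Version 2       0
  |   SSL Protocol Version 3       0
  |   TLS Protocol Version 1.2     910
  | Ltm::ClientSSL Profile: clientssl_old
  |   Virtual Server Name          /Common/vs_old
  |   SSL Protocol Version 2       3
  |   SSL Protocol Version 3       0
  |   TLS Protocol Version 1.2     0
EOF
}

sample_stats | legacy_ssl_report
```

Like the replies above, this reports per virtual server only; the profile counters do not identify individual clients.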