Forum Discussion

Tom_L's avatar
Tom_L
Icon for Nimbostratus rankNimbostratus
Sep 27, 2021
Solved

Logging TLS traffic less than TLSv1.2

I want to implement an iRule that logs TLS traffic that is less than TLSv1.2. Need to identify less secure (source) traffic to understand what applications need to be updated to TLSv1.2.  

 

The iRule below logs ALL TLS traffic, which is overwhelming. Only want to log the less secure TLS protocols only.  

 

when HTTP_REQUEST {

log local0. "[virtual] [IP::client_addr] [SSL::cipher version] [HTTP::uri] [HTTP::host]"

}

 

Please let me know how I can accomplish this with an iRule.

 

Thanks

Tom L

 

  • Hi ,

    this one works:

    when HTTP_REQUEST {
        if {not (([SSL::cipher version] equals "TLSv1.2") or ([SSL::cipher version] equals "TLSv1.3"))} {
            log local0. "[virtual] [IP::client_addr] [SSL::cipher version] [HTTP::uri] [HTTP::host]"
        }
    }

    KR

    Daniel

3 Replies

  • Hi ,

    this one works:

    when HTTP_REQUEST {
        if {not (([SSL::cipher version] equals "TLSv1.2") or ([SSL::cipher version] equals "TLSv1.3"))} {
            log local0. "[virtual] [IP::client_addr] [SSL::cipher version] [HTTP::uri] [HTTP::host]"
        }
    }

    KR

    Daniel

    • Tom_L's avatar
      Tom_L
      Icon for Nimbostratus rankNimbostratus

      Thanks Daniel. I really appreciate it. I'm going to test it out tonight.

       

      Tom L

    • Tom_L's avatar
      Tom_L
      Icon for Nimbostratus rankNimbostratus

      The iRule worked perfectly. Thank you Daniel.

       

      Tom L