Forum Discussion

Nimbostratus

Jan 18, 2021

BIG-IP 13.X - Connections per Cipher String

I'm tasked with identifying how many connections we have on TLS 1.0 vs 1.1 vs 1.2 and we are running BIG-IP 13.X We are looking to phase out TLS 1.0 and 1.1 - but we want to find out how many con...

MVP

Jan 19, 2021

For sure there is more than one solution for this. You could simply log to /var/log/ltm with an iRule

when HTTP_REQUEST {
    log local0. "TLS Logging - Client: [IP::client_addr] Server: [virtual name] Cipher: [SSL::cipher version]" }

And since logging locally is not a great idea.... You could also use HSL, Splunk in my example, for remote logging:

when CLIENT_ACCEPTED {
    set hsl [HSL::open -publisher /Common/splunk]
}
 
when HTTP_REQUEST {
    HSL::send $hsl "TLS Logging - Client: [IP::client_addr] Server: [virtual name] Cipher: [SSL::cipher version]"    
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

BIG-IP 13.X - Connections per Cipher String

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Future-Proofing Your Network: Enabling Quantum Ciphers on F5 BIG-IP TMOS 17.5.1

Automating Certificate Management on F5 BIG-IP

Introducing the F5 AI Assistant for BIG-IP

Cipher Rules And Groups in BIG-IP v13

BIG-IP security hardening and compliance checks

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS