BIGIP LTM SSL offloading statistics

Question

Hi guys,&nbsp;
I'd like know statistics about which SSL/TLS suite is used by client in session with ltm.&nbsp;
I have many vip for which ltm makes ssl-offload, associated to them there are different ssl profile in which I define the SSL/TLS suite to accept or refuse (e.g. I refuse SSLv2).
I'd like encrease the security level accepting TLSv1.1 only, but I don't how many client, now, are connected with SSLv3 or TLSv1.0. If I have a statistic I can be sure about this.&nbsp;
Thanks in advance,
Andrea&nbsp;

nitass · Answer

isn't it in show ltm profile client-ssl?
[root@ve11a:Active:In Sync] config  tmsh show ltm profile client-ssl clientssl | grep -i Protocol
Protocol
  SSL Protocol Version 2                                            0
  SSL Protocol Version 3                                            0
  TLS Protocol Version 1.0                                          0
  TLS Protocol Version 1.1                                          0
  TLS Protocol Version 1.2                                          0
  DTLS Protocol Version 1                                           0

andrea_110925 · Answer

Thanks for your fast answer.&nbsp;

mahmoud_eldeeb_ · Answer

tmsh show ltm profile client-ssl clientssl | grep -i Protocol

andrea_110925 · Answer

Thanks nitass,
I have this output for the command you suggest:
Protocol                               
  SSL Protocol Version 2                           0
  SSL Protocol Version 3                      231657
  TLS Protocol Version 1.0                   4841104
  TLS Protocol Version 1.1                    154773
  TLS Protocol Version 1.2                   9992868
  DTLS Protocol Version 1                          0

Now I have new question: when that statistics were reset? During last reboot?
In addition, I found interesting the output of the entire command "tmsh show ltm profile client-ss", where I can find the explanetion of all statistics? Not only protocol.
Thanks in advance,
Andrea

nitass · Answer

when that statistics were reset? During last reboot?

you can manually reset it or yes it will be rest when rebooting.
 tmsh reset-stats ltm profile client-ssl clientssl

I found interesting the output of the entire command "tmsh show ltm profile client-ss", where I can find the explanetion of all statistics? Not only protocol.

if it is not documented anywhere, you may try to post here (in case someone knows) or open a support case. 🙂

Forum Discussion

BIGIP LTM SSL offloading statistics

6 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Failing over Virtual F5 VE to DR location using Zerto

Failing over of a Virtual F5 configuration to another location using Zerto restore process

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

Related Content

Re: BigIP Report

SSL Offloading and Backend pool https

BigIP Report Old

VS STATISTICS

Integrating the F5 BIGIP with Azure Sentinel

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS