Capture TLS version
Hello,
We are in the process of disabling TLS 1.0/1.1. Is it possible to capture what TLS version is being used on a particular virtual server or iRule?
Thanks
You can see this in the client ssl profile statistics or use this irule:
when CLIENTSSL_HANDSHAKE { log local0. "[IP::client_addr] [SSL::cipher version]" }
- Jad_Tabbara__J1
Cirrostratus
Hello,
You can get stats directly from your VS by clicking on "Statistics", then choosing the "clientssl" profile from "Profiles". There you can find all SSL protocols used by your clients.
If you need a real-time log, you can use [SSL::cipher version] from your iRule.
Check these links:
Finally, you can also check what protocols are allowed by your VS. If the client/server SSL profile used by the VS uses the "DEFAULT" cipher list, you can print the allowed TLS protocols and ciphers of your VS using:
tmm --clientciphers DEFAULT
Hope it helps,
Regards
- jaikumar_f5
Noctilucent
Use the show and list commands to see the ClientSSL settings and TLS statistics.
The below would give you the ciphers configured for this particular clientssl; sometimes it would be null, and it inherits from the parent profile.
tmsh list ltm profile client-ssl vs_clientssl_name ciphers
ltm profile client-ssl vs_clientssl_name { ciphers !EXPORT:!SSLv3:!MD5:xxxxxxxxxxxxxxxxxxx }
There would be cases where people tend to negate in the options section; verify this too.
tmsh list ltm profile client-ssl vs_clientssl_name options
ltm profile client-ssl vs_clientssl_name { options { dont-insert-empty-fragments no-sslv2 no-sslv3 } }
The below is for statistics.
tmsh show ltm profile client-ssl vs_clientssl_name
The output would include something like below,
Protocol
  SSL Protocol Version 2     0
  SSL Protocol Version 3     0
  TLS Protocol Version 1.0   0
  TLS Protocol Version 1.1   0
  TLS Protocol Version 1.2   0
  DTLS Protocol Version 1    0
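The profile counters above show whether legacy handshakes occur, but not which clients make them. The following added example (not part of any reply in this thread) summarizes the log lines written by the iRule in the first reply, so the clients still negotiating TLS 1.0/1.1 can be identified before those versions are disabled. The syslog prefix, the rule name `log_tls_version`, the version strings and the route-domain suffix are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines. The syslog prefix and the rule name "log_tls_version"
# are assumptions; only the "<client> <version>" tail comes from the iRule.
SAMPLE_LOG = """\
Mar  3 10:15:01 bigip1 info tmm[12345]: Rule /Common/log_tls_version <CLIENTSSL_HANDSHAKE>: 10.1.1.5 TLSv1.2
Mar  3 10:15:02 bigip1 info tmm1[12345]: Rule /Common/log_tls_version <CLIENTSSL_HANDSHAKE>: 10.1.1.9 TLSv1
Mar  3 10:15:04 bigip1 info tmm[12345]: Rule /Common/log_tls_version <CLIENTSSL_HANDSHAKE>: 10.1.1.9 TLSv1
Mar  3 10:15:07 bigip1 info tmm2[12345]: Rule /Common/log_tls_version <CLIENTSSL_HANDSHAKE>: 192.0.2.44%1 TLSv1.1
Mar  3 10:15:09 bigip1 info tmm[12345]: Rule /Common/log_tls_version <CLIENTSSL_HANDSHAKE>: 2001:db8::7 TLSv1.2
Mar  3 10:15:11 bigip1 notice mcpd[4321]: unrelated line without a handshake record
"""

# Versions the thread wants to disable (assumed spelling of the logged values).
LEGACY = {"TLSv1", "TLSv1.1"}

# Match only the message tail so a different syslog prefix does not matter.
LINE_RE = re.compile(r"<CLIENTSSL_HANDSHAKE>:\s+(?P<client>\S+)\s+(?P<version>\S+)\s*$")


def summarize(log_text):
    """Return (handshakes per version, legacy handshakes per client)."""
    by_version = Counter()
    legacy_clients = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # line was not produced by the iRule
        # Assumption: a "%<id>" route-domain suffix may follow the address;
        # strip it so the same client is counted once.
        client = m.group("client").split("%", 1)[0]
        version = m.group("version")
        by_version[version] += 1
        if version in LEGACY:
            legacy_clients[client][version] += 1
    return by_version, {c: dict(v) for c, v in legacy_clients.items()}


if __name__ == "__main__":
    versions, legacy = summarize(SAMPLE_LOG)
    for version, count in versions.most_common():
        print(f"{version:8} {count}")
    for client, seen in sorted(legacy.items()):
        print(f"legacy client {client}: {seen}")
```
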