For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

chodges_307348's avatar
chodges_307348
Icon for Nimbostratus rankNimbostratus
Aug 15, 2017

Capture TLS version

Hello,   We are in the process of disabling TLS 1.0/1.1. Is it possible to capture what TLS version is being used on a particular virtual server or iRule?   Thanks  
application delivery
iRules
LTM
jaikumar_f5's avatar
jaikumar_f5
Icon for Noctilucent rankNoctilucent
Aug 15, 2017

Use the show and list command to see the ClientSSL settings and tls statistics.

The below would give you the ciphers configured for this particular clientssl, sometimes it would be null and it inherits from parent profile.

tmsh ltm profile client-ssl vs_clientssl_name ciphers

ltm profile client-ssl vs_clientssl_name {
    ciphers !EXPORT:!SSLv3:!MD5:xxxxxxxxxxxxxxxxxxx
}

There would cases where people tend to negate in the options sections, verify this too.

tmsh list ltm profile client-ssl vs_clientssl_name options

ltm profile client-ssl vs_clientssl_name {
    options { dont-insert-empty-fragments no-sslv2 no-sslv3 }
}

The below is for statistics.

tmsh show ltm profile client-ssl vs_clientssl_name

The output would include something like below,

Protocol
  SSL Protocol Version 2                                            0
  SSL Protocol Version 3                                            0
  TLS Protocol Version 1.0                                          0
  TLS Protocol Version 1.1                                          0
  TLS Protocol Version 1.2                                          0
  DTLS Protocol Version 1                                           0