Forum Discussion

Cirrus

7 years ago

Cipher availability changes in upgrade from 11.6 to 13

In preparation for upgrade from 11.6 to 13.x, I am trying to develop a method to identify legacy, deprecated, and unsupported ciphers in current use on our 11.6.3 LTMs that will break functionality o...

application delivery

LTM

jlarger

Cirrus

7 years ago

This isn't quite what I was hoping for, but it's a start.

I can issue "reset-stats ltm profile server-ssl" with the * wildcard, and do the same for client-ssl.

Then I can wait a set time, issue show ltm profile server-ssl all, and for client-ssl, and dump those to a text file.

I can then parse the text and assign each profile values for each available stat to determine where weaknesses are. For thousands of profiles on hundreds of LTMs. Laborious, no?

Given how much time we spend on TLS/SSL issues and responding to vulnerability scans, this should really be easier to find.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)