For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jlarger's avatar
jlarger
Icon for Cirrus rankCirrus
Sep 14, 2018

Cipher availability changes in upgrade from 11.6 to 13

In preparation for upgrade from 11.6 to 13.x, I am trying to develop a method to identify legacy, deprecated, and unsupported ciphers in current use on our 11.6.3 LTMs that will break functionality o...
application delivery
LTM
jlarger's avatar
jlarger
Icon for Cirrus rankCirrus
Sep 18, 2018

This isn't quite what I was hoping for, but it's a start.

 

I can issue "reset-stats ltm profile server-ssl" with the * wildcard, and do the same for client-ssl.

 

Then I can wait a set time, issue show ltm profile server-ssl all, and for client-ssl, and dump those to a text file.

 

I can then parse the text and assign each profile values for each available stat to determine where weaknesses are. For thousands of profiles on hundreds of LTMs. Laborious, no?

 

Given how much time we spend on TLS/SSL issues and responding to vulnerability scans, this should really be easier to find.