For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

chungyu_16122's avatar
chungyu_16122
Icon for Altostratus rankAltostratus
Jul 27, 2015

Detect SSLv3 and Create a list of incoming IP addresses using SSLv3

Hi all   I currently unable to migrate all services away from SSLv3 due to some legacy applications. I have created an iRule which allowed me to look at a Data Group list and send users to a SSLv...
application delivery
deployment
devops
iRules
LTM
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Jul 27, 2015

You should already have what you're looking for with the exception of an additional log line:

when CLIENT_ACCEPTED { 
    log local0. "[IP::client_addr]" 
    if { [class match [IP::client_addr] equals SSLv3_Client] } {
        log local0. "Incoming SSLv3 client: [IP::client_addr]" 
        SSL::profile ADC_LDAP_SSL3 
    } else { 
        SSL::profile ADC_LDAP 
    }
}

or are you trying to log all clients that establish an SSLv3 connection (versus what's defined in the datagroup)?