F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Carlos_Urdaneta's avatar
Carlos_Urdaneta
Icon for Nimbostratus rankNimbostratus
Nov 06, 2014

Determine source IP addresses of SSLv3 connections?

Hi All,   Do we have the ability to determine which specific clients (IP addresses) are connecting to the F5 with SSL v3   I know how to obtain some statistics about the number of SSLv3 connect...
application delivery
LTM
security
TMOS
mimlo_61970's avatar
mimlo_61970
Icon for Cumulonimbus rankCumulonimbus
Nov 06, 2014

not sure if there are any stats on this you can query, but here is an irule that will log the connections to /var/log/ltm

when CLIENTSSL_HANDSHAKE {
    if { [SSL::cipher version] eq "SSLv3" } {
        log local0.debug "[IP::client_addr] accessed [virtual name] with SSLv3"
    }
}

This assumes you have a client_ssl profile on the virtual server. If not, you would have to modify the script at https://devcentral.f5.com/articles/irule-to-stop-sslv3-connections to just log instead of reject.