F5 LTM - cipher logging

Question

Hello,&nbsp;
I am trying to log all ciphers using on an LTM, I believe it is done through an Irule but need help with the full string.&nbsp;
Thanks&nbsp;

andy_mcgrath · Answer

Are you trying to log all ciphers used during SSL connections?
Think you can use something like the SSL::cipher iRule command: iRules SSL::cipher
when HTTP_REQUEST {
    log local0. "[SSL::cipher name], [SSL::cipher version], [SSL::cipher bits]
}

Not sure if HTTP_REQUEST is the best event to use though as will log every request when you likely only want to log once per SSL session.

surgeon · Answer

Have you applied the iRule to the VIP in question?
Do you have a Client SSL profile applied to the VIP in question?
If your back-end server ssl based then you have to apply server side ssl profile too for both side ssl offload.&nbsp;
If there is no SSL profile applied, big-ip will not do ssl offload and you will not be able to identify negotiated cipher suit&nbsp;

Forum Discussion

F5 LTM - cipher logging

Recent Discussions

did not show checkbox on chrome while access through f5

How do I create a traffic log for two different route domains?

Flip-flop load balancing

ASM Export JSON - size Limit ?

Can i apply ddos profile on virtual server using port range

Related Content

LTM Cipher rule

Cipher Suite Practices and Pitfalls

Cipher Suites Supported (12.1.5.3)

suppressed messages in ltm log

Disabling Specific Weak Cipher Suites

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS