Forum Discussion

Alex_f5
Jan 20, 2018

Help with an iRule to use a specific SSL profile based on source IP and cipher strength, logging required

Hello f5 community,

I have a virtual server with an SSL profile that allows medium (128-bit) and high (256-bit) ciphers; however, I need to upgrade this VS to use only 256-bit ciphers, except for a list of well-known IPs added to a Data Group List named 128bits_White_List, so I have created the iRule below to achieve this goal:

when CLIENT_ACCEPTED {
    # Source IPs listed in the address data group keep the profile that still allows 128-bit ciphers;
    # everyone else is moved to the 256-bit-only profile before the TLS handshake starts
    if { [class match [IP::client_addr] equals 128bits_White_List] } {
        SSL::profile MEDIUM_clientssl
    } else {
        SSL::profile HIGH_clientssl
    }
}

The iRule works fine; however, I need to know whether an IP address that is not whitelisted is attempting to connect with a 128-bit cipher. I have tried adding an extra iRule to the VS with the content below, but it does not log a non-whitelisted source IP using 128 bits, even when it is set first in the iRule order; the connection is just blocked (because it is hitting the HIGH_clientssl profile):

when CLIENTSSL_HANDSHAKE {
    # Runs only once the TLS handshake has completed; log any negotiated cipher weaker than 256 bits
    if { [SSL::cipher bits] < 256 } {
        log local0. "ALERT! - IP [IP::client_addr]:[TCP::client_port] is using [SSL::cipher bits] bits"
    }
}

Any idea why the log is not working in CLIENTSSL_HANDSHAKE when both iRules are enabled? If I configure the VS to use only the CLIENTSSL_HANDSHAKE iRule, then logging works, but not if both the CLIENT_ACCEPTED and CLIENTSSL_HANDSHAKE iRules are in place.

Is there a way to combine both iRules into one so that I can know which non-whitelisted IPs are attempting to connect with 128-bit ciphers?

Or maybe there is another way to achieve what I need to do? Any help is highly appreciated. Thanks. -alex.
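The behaviour described in the post follows from event ordering: CLIENTSSL_HANDSHAKE fires only after a TLS handshake completes, and a client that offers nothing stronger than 128-bit suites to the 256-bit-only HIGH_clientssl profile never completes one, so there is no event in which to log it. The only way to observe such a client's negotiated cipher in this event is to let the handshake finish under a profile that still offers 128-bit suites and then enforce the policy afterwards. The combined iRule below is an added example, not the poster's code or an F5-supplied configuration. It assumes the VS's default client SSL profile allows both 128-bit and 256-bit suites (the poster's MEDIUM_clientssl would do), that the address data group is named 128bits_White_List as in the post, and that the Tcl variable set in CLIENT_ACCEPTED is visible in CLIENTSSL_HANDSHAKE for the same connection (iRule variables are connection-scoped):

```tcl
# Added example, not the original poster's iRule.
# Assumptions: the VS default client SSL profile still offers 128-bit suites
# (e.g. MEDIUM_clientssl), and 128bits_White_List is an address data group.
when CLIENT_ACCEPTED {
    # Decide once per connection whether this source may negotiate a 128-bit suite.
    # $whitelisted stays visible in later events of the same TCP connection.
    set whitelisted [class match [IP::client_addr] equals 128bits_White_List]
}

when CLIENTSSL_HANDSHAKE {
    # Reached only after the TLS handshake completed. Because the profile offered
    # 128-bit suites, a client that HIGH_clientssl would have refused outright
    # gets here and can be inspected, logged and then dropped.
    set bits [SSL::cipher bits]
    if { $bits < 256 } {
        if { $whitelisted } {
            # Permitted: a known source negotiated a 128-bit suite.
            log local0. "128bit_allowed src=[IP::client_addr]:[TCP::client_port] cipher=[SSL::cipher name] bits=$bits"
        } else {
            # Not permitted: record the offender, then drop the connection
            # before any application data is exchanged.
            log local0. "ALERT 128bit_rejected src=[IP::client_addr]:[TCP::client_port] cipher=[SSL::cipher name] bits=$bits"
            reject
        }
    }
}
```

Two caveats for anyone adopting this pattern. First, at the moment `reject` runs the server has already agreed to the weaker suite and finished the handshake; no application data has flowed, but if policy requires that the BIG-IP never complete a 128-bit handshake with an unknown client, the HIGH_clientssl profile has to stay, and those refused handshakes then leave no CLIENTSSL_HANDSHAKE event to log (they would have to be observed elsewhere, for example with a packet capture on the VS). Second, `SSL::cipher bits` reports the symmetric key length only, so this is a key-length threshold, not a judgement of the suite's overall quality; the actual suite name is logged alongside it for that reason.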