Forum Discussion
iRule for checking connection's SSL/TLS protocol version
Hi,
In view of POODLE, we are going to disable SSLv3. And we want to find out which clients are still using it before implementation. But it seems that there is no method to check a connection's SSL/TLS protocol version in an iRule.
SSL::cipher version only tells the protocol version that introduced the negotiated cipher. And there is no event for intercepting traffic from the ADC to the client.
I wonder if there is any function in iRules that can do that.
12 Replies
- Ryan_80361
Cirrostratus
Are you looking to gauge the number of SSLv3 requests or are you wanting to intercept the connection and do something else?
If it's the former, you can view statistics under Overview -> Statistics -> Local Traffic -> Statistics Type (Profile Summary) -> Client SSL
- soymanue
Nimbostratus
I haven't been able to find that gauge. What version should the LTM be running?
- kwkyiu_53019
Nimbostratus
Both v10 & v11 had it; if you want per-profile stats, use "tmsh show / ltm profile client-ssl"
- kwkyiu_53019
Nimbostratus
We are going to log those client IPs, so statistics are not what we are looking for.
- Ryan_80361
Cirrostratus
Check out the following link; you could customize the iRule to suit your purposes.
https://devcentral.f5.com/articles/irule-to-stop-sslv3-connections
- kwkyiu_53019
Nimbostratus
We are using SSL termination (client SSL profile only), thus that iRule does not work. The problem is that there is no event that can intercept ADC-to-client traffic (we have CLIENT_DATA for client to ADC and SERVER_DATA for server to ADC).
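For readers who can put a listener in front of the raw handshake, here is an added example (not from the thread or the linked article) of the ClientHello-inspection approach in iRule Tcl: it reads the client_version field from the first TCP segment and logs clients that still offer SSLv3. It assumes the rule is attached to a virtual server with no client SSL profile, for the reason kwkyiu_53019 gives above: once the client-ssl profile terminates TLS, CLIENT_DATA only sees the decrypted stream and this check has nothing to parse.

```tcl
# Added example, not the thread's code. Assumes a virtual server WITHOUT a
# client SSL profile, so CLIENT_DATA delivers the raw ClientHello bytes.
when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    # Wait for the first 11 bytes: 5-byte record header, 1-byte handshake
    # type, 3-byte handshake length, then the 2-byte client_version
    if { [TCP::payload length] < 11 } {
        TCP::collect
        return
    }
    set cver ""
    binary scan [TCP::payload] c b0
    set b0 [expr {$b0 & 0xff}]
    if { $b0 == 0x16 } {
        # SSLv3/TLS record of type handshake (0x16): client_version sits at
        # offset 9 when the handshake message is a ClientHello (type 0x01)
        binary scan [TCP::payload] x5H2x3H4 hstype ver
        if { $hstype eq "01" } { set cver $ver }
    } elseif { [expr {$b0 & 0x80}] != 0 } {
        # SSLv2-compatible ClientHello: 2-byte length with high bit set,
        # then message type 0x01, then the offered version
        binary scan [TCP::payload] x2H2H4 hstype ver
        if { $hstype eq "01" } { set cver $ver }
    }
    switch -- $cver {
        "0300"  { set proto "SSLv3" }
        "0301"  { set proto "TLSv1.0" }
        "0302"  { set proto "TLSv1.1" }
        "0303"  { set proto "TLSv1.2" }
        ""      { set proto "not-a-ClientHello" }
        default { set proto "unknown($cver)" }
    }
    # Log only what the thread asks for: the clients still offering SSLv3
    if { $proto eq "SSLv3" } {
        log local0. "SSLv3 ClientHello from [IP::client_addr]:[TCP::client_port] to [IP::local_addr]:[TCP::local_port]"
    }
    # Hand the buffered bytes on; the connection then proceeds normally
    TCP::release
}
```

Clients that speak SSLv3 only through an SSLv2-compatible hello are caught by the second branch; anything that is not a ClientHello is released untouched and not logged.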