irule required to log TLS version and Cipher value.

Question

I need a F5 irule to log TLS version and Cipher value.&nbsp;
My requirement is, i need to get the TLS version and the Cipher values used in the application in the logs.&nbsp;
Example as below :&nbsp;
Feb 12 03:42:52 mwi-f5-ltm1 info tmm1[11453]: Rule /Common/CLIENTSSL_HANDSHAKE_LOGGING
: DETECTED-TLSv1.0-CONNECTION - LOG_SSL_LEVEL - Client: 205.161.92.14%1 
successfully negotiates TLSv1 - ECDHE-RSA-AES256-CBC-SHA - 256 &nbsp;
From the articles appeared here, I have created the below irule but it still dint get me the required output.&nbsp;
when HTTP_REQUEST { HTTP::header insert "SSL_PROTOCOL" [SSL::cipher version] HTTP::header insert "SSL_CIPHER" [SSL::cipher name]}&nbsp;
Can some one please help me on this?&nbsp;

rossvermette · Answer

You could log something like this: (please test before using).  Entries will be logged in the LTM log.
when HTTP_REQUEST {
    log local0.notice "[SSL::cipher version] - Client [IP::client_addr]:[TCP::client_port] -&gt; HostHeaderName/URI [HTTP::host][HTTP::uri] -"
}

Forum Discussion

irule required to log TLS version and Cipher value.

Recent Discussions

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

How to Renew F5 Device Certificate

F5 ASM CEF Sending Logs in Specific TimeZone

Related Content

Upcoming Action Required: F5 NGINX Plus R33 Release and Licensing Update

Cipher Suite Practices and Pitfalls

LTM Cipher rule

Cipher Suites Supported (12.1.5.3)

Disabling Specific Weak Cipher Suites

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS