Forum Discussion

JD_Tomzak's avatar
JD_Tomzak
Icon for Cirrus rankCirrus
Jan 14, 2020

Irule to help root out TLS 1.0 and 1.1 connecting clients?

Hello,

 

I've been asked to assist the dev team in removing TLS 1.0 and 1.1 from our internet facing applications. In order to figure out what clients are still accessing at this level I've been asked to provide two things. Source IP with requested URL/URL for each of the weaker TLS protocol connections. Has anyone ever attempted to build an Irule to log this kind of info? Thanks, -JD

  • Hi

    Something like this could be a good starting point.

    when HTTP_REQUEST {
     
    if {([SSL::cipher version] == "TLSv1.1") || ([SSL::cipher version] == "TLSv1.0")}{
        log local0. "Client [IP::local_addr] is accessing [HTTP::uri] with [SSL::cipher version]"
        }
    }
  • Thanks! I'll give that a try.

    Now if I could just make that work in Radware...

    -JD