Forum Discussion
iRule to Log TLSv1.0 Connections Only
Hi Everyone,
I am trying to identify all clients that still use TLSv1.0 and what browser they use. I created the following iRule to log these connections.
when CLIENTSSL_HANDSHAKE {
    if { ( [SSL::cipher version] contains "TLSv1") } then {
        set invalid_ssl 1
    } else {
        set invalid_ssl 0
    }
}
when HTTP_REQUEST {
    if { $invalid_ssl } then {
        log local0. "TLSv1 Client: [IP::client_addr] using [SSL::cipher version], [SSL::cipher name] and [SSL::cipher bits] bits using the Agent [HTTP::header value "User-Agent"]"
        set invalid_ssl 0
    }
}
It works, but it also includes TLSv1.2 connections. We have a lot of clients and most use 1.2, so I am getting way too many logs. Is there a way I can modify this iRule to log TLSv1.0 only?
Thanks!
1 Reply
Hi Todd,
glad you've found a rule of mine in another thread... 😉
To report just "TLSv1" sessions, simply change the contains operator of the [if] command to equals...
when CLIENTSSL_HANDSHAKE {
    if { ( [SSL::cipher version] equals "TLSv1") } then {
        set invalid_ssl 1
    } else {
        set invalid_ssl 0
    }
}
when HTTP_REQUEST {
    if { $invalid_ssl } then {
        log local0. "TLSv1 Client: [IP::client_addr] using [SSL::cipher version], [SSL::cipher name] and [SSL::cipher bits] bits using the Agent [HTTP::header value "User-Agent"]"
        set invalid_ssl 0
    }
}
Cheers, Kai
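An added example, not part of the original thread: a Python script that summarizes the lines this iRule writes, counting entries per client address and User-Agent and comparing the protocol version exactly, so TLSv1.2 lines are ignored just as with equals. The syslog prefix, the rule name /Common/log_tlsv1 and the sample lines are constructed for illustration; only the message text starting at "TLSv1 Client:" comes from the iRule above.

```python
import re
from collections import Counter

# Matches the message text produced by the iRule's log statement.
# The trailing space before the agent is optional: an absent User-Agent
# header leaves nothing after "Agent".
LINE_RE = re.compile(
    r"TLSv1 Client: (?P<client>\S+) using (?P<version>[^,\s]+), "
    r"(?P<cipher>\S+) and (?P<bits>\d+) bits using the Agent ?(?P<agent>.*)$"
)

def parse_line(line):
    """Return the logged fields as a dict, or None for unrelated lines."""
    m = LINE_RE.search(line.rstrip("\r\n"))
    return m.groupdict() if m else None

def clean(agent):
    # User-Agent is client-controlled: replace non-printable characters
    # before the value goes into a report; "-" stands for an empty header.
    return re.sub(r"[^\x20-\x7e]", "?", agent) or "-"

def summarize(lines, version="TLSv1"):
    """Count entries per (client, agent) whose version equals `version` exactly."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        # Exact comparison: "TLSv1.2" contains "TLSv1" but is not equal to it.
        if rec and rec["version"] == version:
            counts[(rec["client"], clean(rec["agent"]))] += 1
    return counts

# Constructed sample lines (syslog prefix and rule name are assumptions).
PREFIX = "Mar  3 10:15:42 bigip1 info tmm[12345]: Rule /Common/log_tlsv1 <HTTP_REQUEST>: "
SAMPLE = [
    PREFIX + "TLSv1 Client: 192.0.2.10 using TLSv1, AES128-SHA and 128 bits using the Agent Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)",
    PREFIX + "TLSv1 Client: 192.0.2.10 using TLSv1, AES128-SHA and 128 bits using the Agent Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)",
    PREFIX + "TLSv1 Client: 198.51.100.7 using TLSv1.2, ECDHE-RSA-AES128-GCM-SHA256 and 128 bits using the Agent Mozilla/5.0",
    PREFIX + "TLSv1 Client: 203.0.113.5 using TLSv1, AES256-SHA and 256 bits using the Agent",
    "Mar  3 10:15:43 bigip1 notice mcpd[4321]: unrelated message",
]

if __name__ == "__main__":
    for (client, agent), n in summarize(SAMPLE).most_common():
        print(f"{n:5d}  {client:15s}  {agent}")
```

To run it against a real log, pass an open file object to summarize() in place of SAMPLE.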