F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Todd_Behrens_20's avatar
Todd_Behrens_20
Icon for Nimbostratus rankNimbostratus
Dec 08, 2016

iRule to Log TLSv1.0 Connections Only

Hi Everyone,   I am trying to identify all cleints that still use TLSv1.0 and what browser they use. I created the following iRule to log these connections.   when CLIENTSSL_HANDSHAKE { ...
iRules
LTM
security
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Dec 08, 2016

Hi Todd,

glad you've found a rule of mine in another thread... 😉

To report just "TLSv1" session, simply change the 

contains
operator of the 
[if]
command to 
equals
... 

when CLIENTSSL_HANDSHAKE { 
    if { ( [SSL::cipher version] equals "TLSv1") } then { 
        set invalid_ssl 1 
    } else { 
        set invalid_ssl 0 
    } 
} 
when HTTP_REQUEST { 
    if { $invalid_ssl } then { 
        log local0. "TLSv1 Client: [IP::client_addr] using [SSL::cipher version], [SSL::cipher name] and [SSL::cipher bits] bits using the Agent [HTTP::header value "User-Agent"]"
        set invalid_ssl 0 
    }
}

Cheers, Kai