Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

soymanue's avatar
soymanue
Icon for Nimbostratus rankNimbostratus
Feb 12, 2016

Log SSL Cipher Version and User Agent Info

Hi I need to log if there are connections using SSLv3 Cipher before disabling it. I'm using this code: when CLIENTSSL_HANDSHAKE { ISTATS::incr "ltm.virtual [virtual name] c [SSL::cipher version]...
application delivery
irules
LTM
ssl cipher
user agent
soymanue's avatar
soymanue
Icon for Nimbostratus rankNimbostratus
Feb 12, 2016

Hello

 

Thanks for your answer. Unfortunately I can't redirect to an error page. The service must be available even if you connect with SSLv3 for a while, until we have the stats.

 

So I need to log just once per connection:

 

log local0.debug "SSLv3 cipher connection for Client [IP::client_addr]:[TCP::client_port] using [SSL::cipher version], [SSL::cipher name] and [SSL::cipher bits] bits using the Agent [HTTP::header value "User-Agent"]"

 

And let the connection work.

 

I have another event with HTTP_REQUEST to detect if the client uses client certificate authentication. Therefore, I can't disable HTTP_REQUEST event

 

Regards