For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

soymanue's avatar
soymanue
Icon for Nimbostratus rankNimbostratus
Feb 12, 2016

Log SSL Cipher Version and User Agent Info

Hi I need to log if there are connections using SSLv3 Cipher before disabling it. I'm using this code: when CLIENTSSL_HANDSHAKE { ISTATS::incr "ltm.virtual [virtual name] c [SSL::cipher version]...
application delivery
iRules
LTM
ssl cipher
user agent
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Feb 12, 2016

Ah okay... its just for logging. Then try this... 😉

when CLIENTSSL_HANDSHAKE {
    if { ( [SSL::cipher version] contains "SSL" ) or 
         ( [SSL::cipher name] contains "DES" ) or 
         ( [SSL::cipher name] contains "RC4" ) or
         ( [SSL::cipher bits] < 128 ) } then {
        set invalid_ssl 1
    } else {
        set invalid_ssl 0
    }
}
when HTTP_REQUEST {
    if { $invalid_ssl } then {
        log local0.debug "Denied SSL Handshake for Client [IP::client_addr]:[TCP::client_port] using [SSL::cipher version], [SSL::cipher name] and [SSL::cipher bits] bits using the Agent [HTTP::header value "User-Agent"]"
        set invalid_ssl 0
    }
}

Note: The outlined iRule would now 

[log]
(or possibly 
[ISTATS]
) just once per SSL connection.

Cheers, Kai