
justin_westover
Aug 24, 2016

Log SSL Handshake failures through HSL to Splunk

We host several web services sites, and our clients typically connect to us using an automated program. Those programs are generally hard-coded to support a specific TLS cipher version. We recently went through and disabled TLSv1.0 under our SSL profile, and we're finding that some clients can no longer connect; they're receiving a reset from us. We have high speed logging enabled along with an iRule attached to the VS that sends traffic to our Splunk server. This works well for stuff that isn't being denied before the iRule is processed. In our case, it would seem that some of our clients are connecting with TLSv1.0 and they don't support additional versions, so the SSL handshake fails, and the F5 denies the traffic and sends a reset to the client. Due to this behavior, our iRule never sees the traffic, so it can't report on it. I'm looking for a way to report on these logs and send them into Splunk. Anyone have any ideas? Thanks

 

1 Reply

  • JG

    I hope the answers to this posting will be of help to you: https://devcentral.f5.com/questions/irule-to-log-ssl-cipher-version .