Forum Discussion

paulpatriot_129

Icon for Nimbostratus rank

Nimbostratus

Oct 20, 2014

Log SSLv3 TRAFFIC

Does anyone know an IRULE that captures clients using SSLv3 and sends it to the log?

5 Replies

shaggy
Nimbostratus
Oct 20, 2014
This locally logs SSLv3 handshakes and the associated client-IP

when CLIENTSSL_HANDSHAKE { if {[SSL::cipher version] eq "SSLv3"}{ log local0. "[IP::client_addr] [SSL::cipher version]" } }
- David_Jones_227
  Nimbostratus
  Mar 11, 2016
  I used this for identifying TLSv1 clients, just replaced SSLv3 with TLSv1 and it works great. Logs to /var/log/ltm.
shaggy_121467
Cumulonimbus
Oct 20, 2014
This locally logs SSLv3 handshakes and the associated client-IP

when CLIENTSSL_HANDSHAKE { if {[SSL::cipher version] eq "SSLv3"}{ log local0. "[IP::client_addr] [SSL::cipher version]" } }
- David_Jones_227
  Nimbostratus
  Mar 11, 2016
  I used this for identifying TLSv1 clients, just replaced SSLv3 with TLSv1 and it works great. Logs to /var/log/ltm.
paulpatriot_129
Nimbostratus
Oct 20, 2014
That worked Thanks for the Info.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

Bram - January 2026 Featured Member

DevCentral News

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

Community Articles

application delivery

container ingress services

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5