Forum Discussion

Tom_L
Sep 27, 2021

Logging TLS traffic less than TLSv1.2

I want to implement an iRule that logs TLS traffic that is less than TLSv1.2. Need to identify less secure (source) traffic to understand what applications need to be updated to TLSv1.2.  

 

The iRule below logs ALL TLS traffic, which is overwhelming. I only want to log the less secure TLS protocols.

 

when HTTP_REQUEST {
    log local0. "[virtual] [IP::client_addr] [SSL::cipher version] [HTTP::uri] [HTTP::host]"
}

 

Please let me know how I can accomplish this with an iRule.

 

Thanks

Tom L

 

  • Hi ,

    this one works:

    when HTTP_REQUEST {
        if {not (([SSL::cipher version] equals "TLSv1.2") or ([SSL::cipher version] equals "TLSv1.3"))} {
            log local0. "[virtual] [IP::client_addr] [SSL::cipher version] [HTTP::uri] [HTTP::host]"
        }
    }

    KR

    Daniel

    • Tom_L

      Thanks Daniel. I really appreciate it. I'm going to test it out tonight.

       

      Tom L

    • Tom_L

      The iRule worked perfectly. Thank you Daniel.

       

      Tom L
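
The iRule in the answer above still writes one log line per HTTP request from a legacy client. The variant below is an added example, not code from either poster, and goes one step further: it keeps the same version filter but logs each virtual server / client address / protocol combination only once per hour using the iRules `table` command. The subtable name `legacy_tls_seen` and the 3600-second window are assumptions chosen for illustration.

```tcl
when HTTP_REQUEST {
    # Read the negotiated protocol once per request.
    set tls_ver [SSL::cipher version]

    # Same filter as the answer above: anything other than TLSv1.2 / TLSv1.3.
    if { ($tls_ver ne "TLSv1.2") && ($tls_ver ne "TLSv1.3") } {
        # One entry per virtual server, client address and protocol version.
        # HTTP::host and HTTP::uri are deliberately left out of the key so a
        # client cannot grow the table by varying request values.
        set key "[virtual]:[IP::client_addr]:$tls_ver"

        # Log only if this combination has not been recorded in the window.
        # -notouch keeps the lookup from resetting the entry's timers.
        if { [table lookup -notouch -subtable legacy_tls_seen $key] eq "" } {
            # Value 1, no idle timeout, entry expires 3600 seconds after creation.
            table set -subtable legacy_tls_seen $key 1 indefinite 3600
            log local0. "[virtual] [IP::client_addr] $tls_ver [HTTP::uri] [HTTP::host]"
        }
    }
}
```

The URI and host in each log line are those of the first request seen from that client in the window, so a client that reaches several applications through one virtual server appears once per hour rather than once per application.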