Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Tom_L's avatar
Tom_L
Icon for Nimbostratus rankNimbostratus
Sep 27, 2021
Solved

Logging TLS traffic less than TLSv1.2

I want to implement an iRule that logs TLS traffic that is less than TLSv1.2. Need to identify less secure (source) traffic to understand what applications need to be updated to TLSv1.2.     The ...
application delivery
cloud
irules
LTM
  • Daniel_Wolf's avatar
    Daniel_Wolf
    Sep 27, 2021

    Hi ,

    this one works:

    when HTTP_REQUEST {
    if {not (([SSL::cipher version] equals "TLSv1.2") or ([SSL::cipher version] equals "TLSv1.3"))} {
        log local0. "[virtual] [IP::client_addr] [SSL::cipher version] [HTTP::uri] [HTTP::host]"
    }
}

    KR

    Daniel

Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Sep 27, 2021

Hi ,

this one works:

when HTTP_REQUEST {
    if {not (([SSL::cipher version] equals "TLSv1.2") or ([SSL::cipher version] equals "TLSv1.3"))} {
        log local0. "[virtual] [IP::client_addr] [SSL::cipher version] [HTTP::uri] [HTTP::host]"
    }
}

KR

Daniel

Tom_L's avatar
Tom_L
Icon for Nimbostratus rankNimbostratus
Sep 27, 2021

Thanks Daniel. I really appreciate it. I'm going to test it out tonight.

 

Tom L