Check a Virtual Server's SSL Status
Code is community submitted, community supported, and recognized as ‘Use At Your Own Risk’.
Short Description
A question was asked on how you filter which virtuals might have clientside/serverside profiles, or ssl without profiles as passthrough. There is nothing in the virtual object that can tell you that unless you know your naming schema and known ssl ports. But if you know all the profiles that exist, and check which are applied to your virtuals, you can discern that information. This tmsh script attempts to make sense of those details.
How to use this Code Snippet
Merge the cli script into the BIG-IP configuration, then usage is:
tmsh run cli script vip_ssl_check.tcl
Results are printed like so:
[root@ltm3:Active:Standalone] config # tmsh run cli script testtype.tcl
Virtual: ext_nerdknobs.tech_80
Client-side encrypted: false
Server-side encrypted: false
Inspection possible: true
Virtual: ext_nerdknobs.tech_443
Client-side encrypted: true
Server-side encrypted: true
Inspection possible: true
Virtual: h2test
Client-side encrypted: true
Server-side encrypted: false
Inspection possible: true
Virtual: viptest1
Client-side encrypted: false
Server-side encrypted: true
Inspection possible: true
Virtual: virtual_name3
Client-side encrypted: true
Server-side encrypted: true
Inspection possible: false
Future work could be to fold this logic into the config search tool for specific virtuals/ports, etc.
Code Snippet Meta Information
- Version: 0.1
- Coding Language: Tcl 8.4
Full Code Snippet
vip_ssl_check.tcl (Gist on GitHub)
Updated Sep 16, 2022
Version 2.0