cancel
Showing results for 
Search instead for 
Did you mean: 
patonbike_25784
Nimbostratus
Nimbostratus

Problem this snippet solves:

This will let you make a copy of all existing clientssl profiles (old one will be the parent of the new one) requiring TLS1.2.

How to use this snippet:

First, it gets a list of all of your client ssl profiles which are assigned to virtual servers (NOTE, This assumes that your tcp profiles have the text "tcp" in their name and that your clientssl profiles DO NOT have "tcp" in the name).

Second, it makes a new clientssl profile with the old one as the parent. The only change will be ciphers. The new one will be called oldprofile-tls12. You can call them whatever you want.

Code :

tmsh list ltm virtual all |grep clientside -B 1|grep -v tcp|grep -v clientside|sed 's/{//g'|grep -v "\-\-"|sort|uniq|awk '{print $1}' > clientssl.txt

for i in `cat clientssl.txt` do
tmsh create ltm profile client-ssl $i-tls12 defaults-from $i ciphers 'TLSv1_2:!DES-CBC-SHA:!DH:!ADH:!EDH:!EXPORT:!RC4-SHA:!RC4-MD5:!DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA'
sleep 1
done

Tested this on version:

11.5
Version history
Last update:
‎03-May-2018 09:24
Updated by:
Contributors