F5 LTM - cipher logging

Question

Hello,&nbsp;
I am trying to log all ciphers using on an LTM, I believe it is done through an Irule but need help with the full string.&nbsp;
Thanks&nbsp;

andy_mcgrath · Answer

Are you trying to log all ciphers used during SSL connections?
Think you can use something like the SSL::cipher iRule command: iRules SSL::cipher
when HTTP_REQUEST {
    log local0. "[SSL::cipher name], [SSL::cipher version], [SSL::cipher bits]
}

Not sure if HTTP_REQUEST is the best event to use though as will log every request when you likely only want to log once per SSL session.

surgeon · Answer

Have you applied the iRule to the VIP in question?
Do you have a Client SSL profile applied to the VIP in question?
If your back-end server ssl based then you have to apply server side ssl profile too for both side ssl offload.&nbsp;
If there is no SSL profile applied, big-ip will not do ssl offload and you will not be able to identify negotiated cipher suit&nbsp;

Forum Discussion

F5 LTM - cipher logging

2 Replies

Recent Discussions

vulnerabilities-CVE-2020-16150 & CVE-2013-0169

google autenticator broken barcode

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

Related Content

LTM Cipher rule

Cipher Suites Supported (12.1.5.3)

Cipher Suite Practices and Pitfalls

Disabling Weak Ciphers

suppressed messages in ltm log