Forum Discussion
Aug 07, 2020
Hi Yugandhar,
[SSL::cipher version] : Returns the current SSL cipher version using the format of the OpenSSL SSL_CIPHER_get_version() function (e.g. “SSLv2”, “SSLv3”, “TLSv1”, “TLSv1.1”, “TLSv1.2”).
REF: https://clouddocs.f5.com/api/irules/SSL__cipher.html
when CLIENTSSL_HANDSHAKE {
if { [SSL::cipher version] equals "TLSv1" || [SSL::cipher version] equals "TLSv1.1" || [SSL::cipher version] equals "TLSv1.2" }{
set FLAG 1
set TLS-VER [SSL::cipher version]
}
else {
set FLAG 0
}
}
when HTTP_REQUEST {
if { $FLAG } {
set VIP [IP::local_addr]:[TCP::local_port]
set CLIENT [IP::client_addr]:[TCP::client_port]
set URL [HTTP::host][HTTP::uri]
log local0. "Client ($CLIENT) connected to the VIP ($VIP) for $URL using $TLS-VER"
}
}
You don't need CLIENTSSL_HANDSHAKE event in iRule:
when HTTP_REQUEST {
set TLS-VER [SSL::cipher version]
set VIP [IP::local_addr]:[TCP::local_port]
set CLIENT [IP::client_addr]:[TCP::client_port]
set URL [HTTP::host][HTTP::uri]
log local0. "Client ($CLIENT) connected to the VIP ($VIP) for $URL using $TLS-VER"
}