27-Sep-2021 06:50
I want to implement an iRule that logs TLS traffic that is less than TLSv1.2. Need to identify less secure (source) traffic to understand what applications need to be updated to TLSv1.2.
The iRule below logs ALL TLS traffic, which is overwhelming. Only want to log the less secure TLS protocols.
when HTTP_REQUEST {
    log local0. "[virtual] [IP::client_addr] [SSL::cipher version] [HTTP::uri] [HTTP::host]"
}
Please let me know how I can accomplish this with an iRule.
Thanks
Tom L
27-Sep-2021 09:38 - last edited on 04-Jun-2023 19:18 by JimmyPackets
Hi ,
this one works:
when HTTP_REQUEST {
    if {not (([SSL::cipher version] equals "TLSv1.2") or ([SSL::cipher version] equals "TLSv1.3"))} {
        log local0. "[virtual] [IP::client_addr] [SSL::cipher version] [HTTP::uri] [HTTP::host]"
    }
}
KR
Daniel
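Added example, not part of the original posts: a Python script that turns the lines this iRule writes into a per-client inventory of pre-TLSv1.2 traffic, which is what the question is ultimately after. The syslog prefix, the rule name log_old_tls, and all virtual server names, hosts and addresses in the sample are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample lines; the syslog prefix and rule name are assumptions.
SAMPLE_LOG = """\
Sep 27 21:02:11 bigip1 info tmm1[18432]: Rule /Common/log_old_tls <HTTP_REQUEST>: /Common/vs_portal 10.20.1.15 TLSv1 /login portal.example.com
Sep 27 21:02:12 bigip1 info tmm1[18432]: Rule /Common/log_old_tls <HTTP_REQUEST>: /Common/vs_portal 10.20.1.15 TLSv1 /static/app.js portal.example.com
Sep 27 21:03:40 bigip1 info tmm[18432]: Rule /Common/log_old_tls <HTTP_REQUEST>: /Common/vs_api 10.20.7.3 TLSv1.1 /v1/orders?id=7 api.example.com
Sep 27 21:04:02 bigip1 info tmm[18432]: Rule /Common/log_old_tls <HTTP_REQUEST>: /Common/vs_api 10.20.7.3 TLSv1.1 /health
Sep 27 21:05:00 bigip1 notice mcpd[5120]: unrelated line that must be ignored
"""

# Message layout from the iRule: virtual, client IP, TLS version, URI, host.
# The host is optional: a request without a Host header leaves
# [HTTP::host] empty, so the logged line ends after the URI.
LINE_RE = re.compile(
    r"<HTTP_REQUEST>:\s+(?P<virtual>\S+)\s+(?P<client>\S+)\s+"
    r"(?P<version>(?:TLS|SSL|DTLS)v\S+)\s+(?P<uri>\S+)(?:\s+(?P<host>\S+))?\s*$"
)


def parse_line(line):
    """Return the iRule fields of one log line, or None if it is not ours."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["host"] = rec["host"] or "-"  # placeholder for a missing Host header
    return rec


def summarize(log_text):
    """Count requests per (virtual, host, client, version)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            key = (rec["virtual"], rec["host"], rec["client"], rec["version"])
            counts[key] += 1
    return counts


if __name__ == "__main__":
    # Busiest legacy clients first, so the owners to contact are at the top.
    for (virtual, host, client, version), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {version:8s} {client:15s} {virtual} {host}")
```

Grouping by client and host collapses the per-request noise into one row per application and source, and the URI is dropped from the key for the same reason.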
27-Sep-2021 11:46
Thanks Daniel. I really appreciate it. I'm going to test it out tonight.
Tom L
28-Sep-2021 16:45
The iRule worked perfectly. Thank you Daniel.
Tom L