Forum Discussion

Tom_L's avatar
Tom_L
Icon for Nimbostratus rankNimbostratus
Sep 27, 2021
Solved

Logging TLS traffic less than TLSv1.2

I want to implement an iRule that logs TLS traffic that is less than TLSv1.2. Need to identify less secure (source) traffic to understand what applications need to be updated to TLSv1.2.     The ...
  • Daniel_Wolf's avatar
    Sep 27, 2021

    Hi ,

    this one works:

    when HTTP_REQUEST {
        if {not (([SSL::cipher version] equals "TLSv1.2") or ([SSL::cipher version] equals "TLSv1.3"))} {
            log local0. "[virtual] [IP::client_addr] [SSL::cipher version] [HTTP::uri] [HTTP::host]"
        }
    }

    KR

    Daniel