cancel
Showing results for 
Search instead for 
Did you mean: 

Logging TLS traffic less than TLSv1.2

Tom_L
Nimbostratus
Nimbostratus

I want to implement an iRule that logs TLS traffic that is less than TLSv1.2. Need to identify less secure (source) traffic to understand what applications need to be updated to TLSv1.2.  

 

The iRule below logs ALL TLS traffic, which is overwhelming. Only want to log the less secure TLS protocols only.  

 

when HTTP_REQUEST {

log local0. "[virtual] [IP::client_addr] [SSL::cipher version] [HTTP::uri] [HTTP::host]"

}

 

Please let me know how I can accomplish this with an iRule.

 

Thanks

Tom L

 

1 ACCEPTED SOLUTION

Hi ,

 

this one works:

when HTTP_REQUEST { if {not (([SSL::cipher version] equals "TLSv1.2") or ([SSL::cipher version] equals "TLSv1.3"))} { log local0. "[virtual] [IP::client_addr] [SSL::cipher version] [HTTP::uri] [HTTP::host]" } }

KR

Daniel

View solution in original post

3 REPLIES 3

Hi ,

 

this one works:

when HTTP_REQUEST { if {not (([SSL::cipher version] equals "TLSv1.2") or ([SSL::cipher version] equals "TLSv1.3"))} { log local0. "[virtual] [IP::client_addr] [SSL::cipher version] [HTTP::uri] [HTTP::host]" } }

KR

Daniel

Thanks Daniel. I really appreciate it. I'm going to test it out tonight.

 

Tom L

The iRule worked perfectly. Thank you Daniel.

 

Tom L