Logging TLS traffic less than TLSv1.2

Tom_L · ‎27-Sep-2021

I want to implement an iRule that logs TLS traffic that is less than TLSv1.2. Need to identify less secure (source) traffic to understand what applications need to be updated to TLSv1.2.

The iRule below logs ALL TLS traffic, which is overwhelming. Only want to log the less secure TLS protocols only.

when HTTP_REQUEST {

log local0. "[virtual] [IP::client_addr] [SSL::cipher version] [HTTP::uri] [HTTP::host]"

}

Please let me know how I can accomplish this with an iRule.

Thanks

Tom L

Daniel_Wolf · ‎27-Sep-2021

Hi ,

this one works:

when HTTP_REQUEST {
    if {not (([SSL::cipher version] equals "TLSv1.2") or ([SSL::cipher version] equals "TLSv1.3"))} {
        log local0. "[virtual] [IP::client_addr] [SSL::cipher version] [HTTP::uri] [HTTP::host]"
    }
}

KR

Daniel

View solution in original post

Daniel_Wolf · ‎27-Sep-2021

Hi ,

this one works:

when HTTP_REQUEST {
    if {not (([SSL::cipher version] equals "TLSv1.2") or ([SSL::cipher version] equals "TLSv1.3"))} {
        log local0. "[virtual] [IP::client_addr] [SSL::cipher version] [HTTP::uri] [HTTP::host]"
    }
}

KR

Daniel

Tom_L · ‎27-Sep-2021

Thanks Daniel. I really appreciate it. I'm going to test it out tonight.

Tom L

Tom_L · ‎28-Sep-2021

The iRule worked perfectly. Thank you Daniel.

Tom L

DevCentral

Logging TLS traffic less than TLSv1.2