Forum Discussion
Kai_Wilke
Feb 12, 2016 (MVP)
Ah okay... it's just for logging. Then try this... 😉
when CLIENTSSL_HANDSHAKE {
    # Flag the connection if the negotiated protocol or cipher is weak.
    if { ( [SSL::cipher version] contains "SSL" ) or
         ( [SSL::cipher name] contains "DES" ) or
         ( [SSL::cipher name] contains "RC4" ) or
         ( [SSL::cipher bits] < 128 ) } then {
        set invalid_ssl 1
    } else {
        set invalid_ssl 0
    }
}
when HTTP_REQUEST {
    if { $invalid_ssl } then {
        log local0.debug "Denied SSL Handshake for Client [IP::client_addr]:[TCP::client_port] using [SSL::cipher version], [SSL::cipher name] and [SSL::cipher bits] bits using the Agent [HTTP::header value "User-Agent"]"
        # Reset the flag so later requests on this connection are not logged again.
        set invalid_ssl 0
    }
}
Note: The outlined iRule would now [log] (or possibly [ISTATS]) just once per SSL connection.
Cheers, Kai
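
Added example, not part of Kai's post: a small Python summarizer for the messages this iRule logs, to show which clients and User-Agents still negotiate weak parameters before those ciphers are disabled. The syslog prefix, rule name, addresses and agents in the sample are constructed.

```python
import re
from collections import Counter

# Message format of the iRule's log statement; any syslog prefix is ignored.
LINE_RE = re.compile(
    r"Denied SSL Handshake for Client (?P<ip>\S+):(?P<port>\d+) "
    r"using (?P<version>[^,]+), (?P<cipher>\S+) and (?P<bits>\d+) bits "
    r"using the Agent ?(?P<agent>.*)$"
)

def reasons(version, cipher, bits):
    """Re-derive which of the iRule's four conditions flagged the handshake."""
    checks = [("SSL protocol", "SSL" in version), ("DES", "DES" in cipher),
              ("RC4", "RC4" in cipher), ("<128 bits", bits < 128)]
    return [name for name, hit in checks if hit]

def summarize(lines):
    """Count flagged connections per reason and per User-Agent."""
    by_reason, by_agent, clients = Counter(), Counter(), set()
    for line in lines:
        m = LINE_RE.search(line.rstrip("\n"))
        if not m:
            continue  # not written by this iRule
        clients.add(m["ip"])  # greedy \S+ keeps IPv6 colons in the address
        by_agent[m["agent"].strip() or "(none)"] += 1
        by_reason.update(reasons(m["version"], m["cipher"], int(m["bits"])))
    return {"connections": sum(by_agent.values()), "clients": len(clients),
            "by_reason": by_reason, "by_agent": by_agent}

# Constructed sample lines (prefix, rule name, addresses and agents are made up).
PREFIX = "Feb 12 10:00:01 bigip1 debug tmm[12345]: Rule /Common/log_weak <HTTP_REQUEST>: "
MSIE = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)"
SAMPLE = [
    PREFIX + "Denied SSL Handshake for Client 192.0.2.10:51234 using TLSv1, RC4-SHA and 128 bits using the Agent " + MSIE,
    PREFIX + "Denied SSL Handshake for Client 192.0.2.10:51240 using TLSv1, RC4-SHA and 128 bits using the Agent " + MSIE,
    PREFIX + "Denied SSL Handshake for Client 2001:db8::25:40022 using SSLv3, AES128-SHA and 128 bits using the Agent LegacyMonitor/1.0",
    PREFIX + "Denied SSL Handshake for Client 198.51.100.7:33001 using TLSv1, EXP-RC4-MD5 and 40 bits using the Agent ",
    "Feb 12 10:00:05 bigip1 info tmm[12345]: unrelated message",
]

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(report["connections"], "flagged connections from", report["clients"], "clients")
    for name, count in report["by_reason"].most_common():
        print(f"  reason {name}: {count}")
    for agent, count in report["by_agent"].most_common():
        print(f"  agent {agent}: {count}")
```

Because the iRule resets its flag after the first request, each matched line corresponds to one SSL connection, not one HTTP request.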