Forum Discussion
soymanue
Feb 12, 2016 (Nimbostratus)
Log SSL Cipher Version and User Agent Info
Hi
I need to log if there are connections using SSLv3 Cipher before disabling it.
I'm using this code:
when CLIENTSSL_HANDSHAKE {
ISTATS::incr "ltm.virtual [virtual name] c [SSL::cipher version]...
Kai_Wilke
Feb 12, 2016 (MVP)
Ah okay... it's just for logging. Then try this... 😉
when CLIENTSSL_HANDSHAKE {
    # Flag the connection when the negotiated protocol is SSLv2/SSLv3 or the
    # cipher is DES/3DES, RC4, or weaker than 128 bits. Nothing is rejected;
    # the flag is only read later, once the HTTP request is visible.
    if { ( [SSL::cipher version] contains "SSL" ) or
         ( [SSL::cipher name] contains "DES" ) or
         ( [SSL::cipher name] contains "RC4" ) or
         ( [SSL::cipher bits] < 128 ) } then {
        set invalid_ssl 1
    } else {
        set invalid_ssl 0
    }
}
when HTTP_REQUEST {
    # HTTP_REQUEST fires after the handshake, so the User-Agent header is
    # available here. The info-exists guard keeps the rule from erroring on
    # a virtual server without a client SSL profile; resetting the flag makes
    # a keep-alive connection log only once.
    if { [info exists invalid_ssl] && $invalid_ssl } then {
        log local0.debug "Denied SSL Handshake for Client [IP::client_addr]:[TCP::client_port] using [SSL::cipher version], [SSL::cipher name] and [SSL::cipher bits] bits using the Agent [HTTP::header value "User-Agent"]"
        set invalid_ssl 0
    }
}
Note: The outlined iRule would now [log] (or possibly [ISTATS]) just once per SSL connection.
Cheers, Kai
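The iRule above writes one line per weak handshake, which still leaves the original question open: which clients are on SSLv3 before it gets disabled? As an added example (not part of the thread and not F5 code), the following Python mirrors the iRule's weak-handshake test and turns its log lines into that report. The function names, the syslog prefix and the sample log lines are constructed for illustration; the regex assumes the message text exactly as the iRule's log statement writes it.

```python
"""Summarise the log lines written by the weak-handshake iRule (added example)."""
import re
from collections import Counter


def is_weak_handshake(version, cipher_name, bits):
    """Python mirror of the iRule's CLIENTSSL_HANDSHAKE test.

    Note the substring checks: "SSL" catches SSLv2 and SSLv3 but not TLSv1.x,
    and "DES" catches 3DES suites such as DES-CBC3-SHA as well as single DES.
    """
    return ("SSL" in version
            or "DES" in cipher_name
            or "RC4" in cipher_name
            or int(bits) < 128)


# Message text as the iRule's log statement writes it. The leading syslog
# fields are skipped by re.search, and the verb ("Denied") is left unanchored
# in case the message is reworded.
LOG_RE = re.compile(
    r"SSL [Hh]andshake for Client (?P<ip>\S+):(?P<port>\d+) using "
    r"(?P<version>\S+), (?P<cipher>\S+) and (?P<bits>\d+) bits "
    r"using the Agent (?P<ua>.*)$"
)

# Constructed sample of /var/log/ltm lines (hostname, pid and clients invented).
SAMPLE_LOG = """\
Feb 12 10:01:02 bigip1 debug tmm[1234]: Rule /Common/log_weak_ssl <HTTP_REQUEST>: Denied SSL Handshake for Client 10.0.0.5:51234 using SSLv3, DES-CBC3-SHA and 168 bits using the Agent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Feb 12 10:01:09 bigip1 debug tmm[1234]: Rule /Common/log_weak_ssl <HTTP_REQUEST>: Denied SSL Handshake for Client 10.0.0.7:40210 using TLSv1, RC4-SHA and 128 bits using the Agent Java/1.6.0_45
Feb 12 10:01:15 bigip1 debug tmm[1234]: Rule /Common/log_weak_ssl <HTTP_REQUEST>: Denied SSL Handshake for Client 10.0.0.5:51240 using SSLv3, DES-CBC3-SHA and 168 bits using the Agent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Feb 12 10:01:20 bigip1 info tmm[1234]: unrelated message that must be ignored
"""


def parse_line(line):
    """Return a dict of the logged fields, or None for lines from other sources."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    rec["bits"] = int(rec["bits"])
    return rec


def summarise(lines):
    """Map (protocol version, cipher) -> Counter of User-Agent strings."""
    summary = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["version"], rec["cipher"])
        summary.setdefault(key, Counter())[rec["ua"]] += 1
    return summary


def sslv3_clients(lines):
    """Sorted, de-duplicated client addresses that negotiated SSLv3: the list
    to chase before the protocol is disabled."""
    ips = {rec["ip"] for rec in map(parse_line, lines)
           if rec is not None and rec["version"] == "SSLv3"}
    return sorted(ips)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for (version, cipher), agents in sorted(summarise(lines).items()):
        print(f"{version:8} {cipher}")
        for ua, n in agents.most_common():
            print(f"    {n:4d}  {ua}")
    print("SSLv3 clients:", ", ".join(sslv3_clients(lines)))
```

Run it against a copy of /var/log/ltm collected over a representative period; the per-cipher User-Agent counts show whether the remaining SSLv3 traffic is real browsers or a handful of embedded clients and scanners, and the 3DES and RC4 entries fall out of the same report because the iRule flags them too.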