How do we know the server ssl cipher suites

How do we know the server SSL cipher suites, and exactly which suites F5 is using to communicate with the backend server?


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

see link text

You can log individual SSL server connections with an iRule in the handshake event, sample lines:

when SERVERSSL_HANDSHAKE {
    log local0.info "SSL Handshake Backend success: F5 [IP::local_addr]:[TCP::local_port]=>Backend Server [IP::remote_addr]:[TCP::remote_port] with SSL Version [SSL::cipher version] Cipher [SSL::cipher name] SSL Bits [SSL::cipher bits]"
}

If you open the Statistics tab of a Virtual Server in the F5 BIG-IP Web UI, you can also select the SSL server profile and see summary counters such as ciphers and TLS versions.

0
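One way to turn the lines written by the iRule above into a per-backend summary of negotiated protocol and cipher, as an added example that is not part of the original answer. The syslog prefix, rule name, addresses and the weak-protocol policy are constructed assumptions; only the message text after "SSL Handshake Backend success" follows the iRule's log statement.

```python
import re
from collections import Counter

# Matches only the message text written by the iRule's log statement.
HANDSHAKE_RE = re.compile(
    r"SSL Handshake Backend success: F5 (?P<f5>\S+)=>Backend Server (?P<backend>\S+) "
    r"with SSL Version (?P<version>\S+) Cipher (?P<cipher>\S+) SSL Bits (?P<bits>\d+)"
)

# Assumed local policy, not an F5 default: adjust to your own baseline.
WEAK_VERSIONS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
MIN_BITS = 128

# Constructed sample log lines (prefix, rule name and addresses are made up).
SAMPLE_LOG = """\
Jan 12 10:15:01 bigip1 info tmm[11223]: Rule /Common/log_serverssl <SERVERSSL_HANDSHAKE>: SSL Handshake Backend success: F5 10.0.0.5:41234=>Backend Server 10.0.1.20:443 with SSL Version TLSv1.2 Cipher ECDHE-RSA-AES128-GCM-SHA256 SSL Bits 128
Jan 12 10:15:02 bigip1 info tmm[11223]: Rule /Common/log_serverssl <SERVERSSL_HANDSHAKE>: SSL Handshake Backend success: F5 10.0.0.5:41240=>Backend Server 10.0.1.20:443 with SSL Version TLSv1.2 Cipher ECDHE-RSA-AES128-GCM-SHA256 SSL Bits 128
Jan 12 10:15:04 bigip1 info tmm[11223]: Rule /Common/log_serverssl <SERVERSSL_HANDSHAKE>: SSL Handshake Backend success: F5 10.0.0.5:41302=>Backend Server 10.0.1.21:8443 with SSL Version TLSv1 Cipher DES-CBC3-SHA SSL Bits 168
Jan 12 10:15:05 bigip1 notice unrelated message that the parser must skip
Jan 12 10:15:09 bigip1 info tmm[11223]: Rule /Common/log_serverssl <SERVERSSL_HANDSHAKE>: SSL Handshake Backend success: F5 10.0.0.5:41377=>Backend Server 10.0.1.20:443 with SSL Version TLSv1.3 Cipher TLS13-AES256-GCM-SHA384 SSL Bits 256
"""


def summarize(log_text):
    """Count each negotiated (backend, version, cipher, bits) combination."""
    counts = Counter()
    for line in log_text.splitlines():
        m = HANDSHAKE_RE.search(line)
        if m:
            counts[(m["backend"], m["version"], m["cipher"], int(m["bits"]))] += 1
    return counts


def weak_backends(counts):
    """Map backend -> negotiated (version, cipher, bits, count) entries below policy."""
    findings = {}
    for (backend, version, cipher, bits), seen in counts.items():
        if version in WEAK_VERSIONS or bits < MIN_BITS:
            findings.setdefault(backend, []).append((version, cipher, bits, seen))
    return findings


if __name__ == "__main__":
    totals = summarize(SAMPLE_LOG)
    for key, seen in sorted(totals.items()):
        print(seen, *key)
    print("below policy:", weak_backends(totals))
```
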
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hello Prashnat,

If you want to check which ciphers are supported on your backend, the easiest way is to go to the backend and check the complete list of ciphers using, for example, the command "openssl ciphers" if it is a Linux system.

If you don't have access to the backend server, you will need to use a script to list all supported ciphers based on your client ciphers. For example, if you connect to the CLI of the F5, you can use the following script to list all ciphers supported by the server.

https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers

If your need is to check ciphers of the SSL Server Profile on the F5, you can use

tmm --serverciphers DEFAULT

By default, if you didn't change anything in the SSL Profile, the value of the ciphers parameter is "DEFAULT". If you changed it to something else, use the same command but replace "DEFAULT" with your value.

Finally, if you want to know which SSL cipher is used for the handshake, you can use the command

openssl s_client -connect backend_ip:backend_port

Regards

0