TMcGov_92811
Dec 08, 2008 (Nimbostratus)
iRule to log SSL failures due to weak encryption
I have implemented the following Cipher in an SSL profile per F5 support to prevent SSLv2 or weak encryption schemes from connecting.
ALL:!NULL:!ADH:!LOW:!EXP:RC4+RSA:!SSLv2:+HIGH:+MEDIUM
I am trying to develop an iRule to log every connection that is blocked by this SSL profile. The standard one below does not log everything, only encryption schemes using less than 128 bits. What do I need to add to this in order to match the Cipher above so I can actually see who is getting blocked and for exactly which reason?
when HTTP_REQUEST {
    # check for at least 128 bits of encryption
    if { [SSL::cipher bits] < 128 } {
        # when browser cannot do at least 128 bits of encryption, log client details
        log local0. "Client IP:port: [IP::client_addr]:[TCP::client_port], Host/URI [HTTP::host][HTTP::uri], \
            User-Agent: [HTTP::header User-Agent], Auth header: [HTTP::header Authorization], cipher bits: [SSL::cipher bits]"
    }
}
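Editor's added example, not part of the post above and not F5 code. One caveat worth keeping in mind when reading the question: HTTP_REQUEST only fires after the TLS handshake has completed, so an iRule in that event can only ever see connections the SSL profile has already accepted; a client whose only offered ciphers fall under one of the "!" exclusions never gets as far as an HTTP request. The script below models the exclusion keywords of the posted cipher string (NULL, ADH, LOW, EXP, SSLv2) and classifies constructed handshake attempts by the first exclusion they hit, producing log lines in the same shape as the iRule's. The cipher attribute table and the sample attempts are constructed for illustration and are not data from the page.

```python
# Added example (editor's code, not from the DevCentral post or from F5).
# Models the "!" exclusions of an OpenSSL-style cipher string and reports
# which exclusion a given handshake attempt would be refused under.
from dataclasses import dataclass
from typing import List, Optional

SPEC = "ALL:!NULL:!ADH:!LOW:!EXP:RC4+RSA:!SSLv2:+HIGH:+MEDIUM"  # from the post


@dataclass(frozen=True)
class Attempt:
    client: str    # "ip:port" (constructed)
    protocol: str  # "SSLv2", "SSLv3" or "TLSv1"
    cipher: str    # OpenSSL-style cipher name
    bits: int      # symmetric key bits


# Hypothetical attribute table for the ciphers used in the samples:
# (key exchange / authentication, bulk cipher, OpenSSL strength class).
# Assumed for illustration; it is not exhaustive and not taken from the page.
CIPHERS = {
    "NULL-MD5":           ("RSA",     "NULL", "NULL"),
    "ADH-AES128-SHA":     ("ADH",     "AES",  "HIGH"),
    "EXP-RC4-MD5":        ("RSA",     "RC4",  "EXP"),
    "DES-CBC-SHA":        ("RSA",     "DES",  "LOW"),
    "RC4-MD5":            ("RSA",     "RC4",  "MEDIUM"),
    "AES256-SHA":         ("RSA",     "AES",  "HIGH"),
    "DHE-RSA-AES256-SHA": ("DHE-RSA", "AES",  "HIGH"),
}


def exclusions(spec: str) -> List[str]:
    """Return the '!'-prefixed keywords of a cipher string, in the order written."""
    return [tok[1:] for tok in spec.split(":") if tok.startswith("!")]


def matches(attempt: Attempt, keyword: str) -> bool:
    """Does this attempt fall under the given exclusion keyword?"""
    kx, bulk, strength = CIPHERS[attempt.cipher]
    if keyword == "SSLv2":
        return attempt.protocol == "SSLv2"
    if keyword == "NULL":
        return bulk == "NULL"
    if keyword == "ADH":
        return kx == "ADH"
    # LOW, EXP (and HIGH / MEDIUM, should someone exclude those) are strength classes
    return strength == keyword


def reject_reason(attempt: Attempt, spec: str = SPEC) -> Optional[str]:
    """First exclusion in the spec that refuses the attempt, or None if accepted."""
    for keyword in exclusions(spec):
        if matches(attempt, keyword):
            return "!" + keyword
    return None


def log_line(attempt: Attempt, spec: str = SPEC) -> str:
    """One log line in the same shape as the iRule's, plus the verdict and reason."""
    reason = reject_reason(attempt, spec)
    verdict = f"rejected ({reason})" if reason else "accepted"
    return (f"Client IP:port: {attempt.client}, protocol: {attempt.protocol}, "
            f"cipher: {attempt.cipher}, cipher bits: {attempt.bits}, {verdict}")


def audit(attempts: List[Attempt], spec: str = SPEC) -> List[str]:
    return [log_line(a, spec) for a in attempts]


# Constructed handshake attempts, one per exclusion plus two that the profile accepts.
SAMPLE = [
    Attempt("10.0.0.5:40001", "SSLv2", "RC4-MD5", 128),
    Attempt("10.0.0.6:40002", "TLSv1", "NULL-MD5", 0),
    Attempt("10.0.0.7:40003", "TLSv1", "ADH-AES128-SHA", 128),
    Attempt("10.0.0.8:40004", "SSLv3", "EXP-RC4-MD5", 40),
    Attempt("10.0.0.9:40005", "TLSv1", "DES-CBC-SHA", 56),
    Attempt("10.0.0.10:40006", "TLSv1", "RC4-MD5", 128),
    Attempt("10.0.0.11:40007", "TLSv1", "AES256-SHA", 256),
]

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

Note that the two accepted samples are both 128 bits or more: with LOW and EXP excluded, nothing under 128 bits survives the posted profile, which is why a `[SSL::cipher bits] < 128` test inside HTTP_REQUEST has nothing left to match.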