BIGIP LTM SSL offloading statistics

Question

Hi guys,&nbsp;
I'd like know statistics about which SSL/TLS suite is used by client in session with ltm.&nbsp;
I have many vip for which ltm makes ssl-offload, associated to them there are different ssl profile in which I define the SSL/TLS suite to accept or refuse (e.g. I refuse SSLv2).
I'd like encrease the security level accepting TLSv1.1 only, but I don't how many client, now, are connected with SSLv3 or TLSv1.0. If I have a statistic I can be sure about this.&nbsp;
Thanks in advance,
Andrea&nbsp;

nitass · Answer

isn't it in show ltm profile client-ssl?
[root@ve11a:Active:In Sync] config  tmsh show ltm profile client-ssl clientssl | grep -i Protocol
Protocol
  SSL Protocol Version 2                                            0
  SSL Protocol Version 3                                            0
  TLS Protocol Version 1.0                                          0
  TLS Protocol Version 1.1                                          0
  TLS Protocol Version 1.2                                          0
  DTLS Protocol Version 1                                           0

andrea_110925 · Answer

Thanks for your fast answer.&nbsp;

mahmoud_eldeeb_ · Answer

tmsh show ltm profile client-ssl clientssl | grep -i Protocol

andrea_110925 · Answer

Thanks nitass,
I have this output for the command you suggest:
Protocol                               
  SSL Protocol Version 2                           0
  SSL Protocol Version 3                      231657
  TLS Protocol Version 1.0                   4841104
  TLS Protocol Version 1.1                    154773
  TLS Protocol Version 1.2                   9992868
  DTLS Protocol Version 1                          0

Now I have new question: when that statistics were reset? During last reboot?
In addition, I found interesting the output of the entire command "tmsh show ltm profile client-ss", where I can find the explanetion of all statistics? Not only protocol.
Thanks in advance,
Andrea

nitass · Answer

when that statistics were reset? During last reboot?

you can manually reset it or yes it will be rest when rebooting.
 tmsh reset-stats ltm profile client-ssl clientssl

I found interesting the output of the entire command "tmsh show ltm profile client-ss", where I can find the explanetion of all statistics? Not only protocol.

if it is not documented anywhere, you may try to post here (in case someone knows) or open a support case. 🙂

Forum Discussion

BIGIP LTM SSL offloading statistics

6 Replies

Recent Discussions

F5 Rseries HA

Geo Fence in ASM through irule for URI

Chrome V 124+ on MacOS - Virtual Server Access Issue

google-visualization-issues

The best load balance method on this scenario?

Related Content

Re: BigIP Report

BigIP Report Old

Parsing F5 BIG-IP LTM DNS profile statistics and extracting values with Python

Rewrite profile statistics in ltm

F5 LTM Virtual Statistics Timeframe