Forum Discussion
2 Replies
Sort By
- Andy_McGrathCumulonimbus
Are you trying to log all ciphers used during SSL connections?
Think you can use something like the SSL::cipher iRule command: iRules SSL::cipher
when HTTP_REQUEST { log local0. "[SSL::cipher name], [SSL::cipher version], [SSL::cipher bits] }
Not sure if HTTP_REQUEST is the best event to use though as will log every request when you likely only want to log once per SSL session.
- SurgeonRet. Employee
- Have you applied the iRule to the VIP in question?
-
Do you have a Client SSL profile applied to the VIP in question? If your back-end server ssl based then you have to apply server side ssl profile too for both side ssl offload.
If there is no SSL profile applied, big-ip will not do ssl offload and you will not be able to identify negotiated cipher suit