Forum Discussion

Aditya_385647
Mar 11, 2019

iRule required to log TLS version and Cipher value.

I need an F5 iRule to log TLS version and Cipher value.

My requirement is that I need to get the TLS version and the Cipher values used in the application in the logs.

Example as below:

 

Feb 12 03:42:52 mwi-f5-ltm1 info tmm1[11453]: Rule /Common/CLIENTSSL_HANDSHAKE_LOGGING : DETECTED-TLSv1.0-CONNECTION - LOG_SSL_LEVEL - Client: 205.161.92.14%1 successfully negotiates TLSv1 - ECDHE-RSA-AES256-CBC-SHA - 256

 

From the articles that appeared here, I have created the iRule below, but it still didn't get me the required output.

    when HTTP_REQUEST {
        HTTP::header insert "SSL_PROTOCOL" [SSL::cipher version]
        HTTP::header insert "SSL_CIPHER" [SSL::cipher name]
    }

Can someone please help me on this?

 

1 Reply

  • You could log something like this: (please test before using). Entries will be logged in the LTM log.

    when HTTP_REQUEST {
        log local0.notice "[SSL::cipher version] - Client [IP::client_addr]:[TCP::client_port] -> HostHeaderName/URI [HTTP::host][HTTP::uri] -"
    }
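
An added example, not part of the original thread: an iRule that writes one log entry per client-side TLS handshake in a format modelled on the sample line in the question, including the cipher name and key size that the reply's log statement leaves out. It assumes the virtual server has a client SSL profile attached; the tag strings and variable names are constructed for illustration.

```tcl
# Added example iRule (not from the thread). Requires a client SSL profile
# on the virtual server, otherwise CLIENTSSL_HANDSHAKE never fires.
when CLIENTSSL_HANDSHAKE {
    # Values negotiated for this client-side TLS session
    set tls_version [SSL::cipher version]
    set tls_cipher  [SSL::cipher name]
    set tls_bits    [SSL::cipher bits]

    # Tag legacy protocol versions so they are easy to find in the LTM log.
    # The tag strings are constructed for this example.
    switch -- $tls_version {
        "SSLv3"   -
        "TLSv1"   -
        "TLSv1.1" { set tag "DETECTED-LEGACY-TLS-CONNECTION" }
        default   { set tag "TLS-CONNECTION" }
    }

    # One entry per handshake, written to the LTM log
    log local0.info "$tag - Client: [IP::client_addr]:[TCP::client_port] successfully negotiates $tls_version - $tls_cipher - $tls_bits"
}
```

Logging from CLIENTSSL_HANDSHAKE produces one entry per handshake, whereas logging from HTTP_REQUEST produces one entry per request and so repeats the same values for every request on a kept-alive connection.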