ToonVA
Jan 16, 2019 | Cirrus
Log TLS version in iRule for TCP VIP
Hi All,
I am working on a project to remove all TLS 1.0 connections on F5, but we first need to know who is still connecting to certain VIPs.
There is already an iRule defined by one of my colleagues, but this only works when there is an HTTP profile attached. We also have plain TCP VIPs with SSL offloading, so I can't attach the iRule below to them.
when HTTP_REQUEST {
    if { [info exists logged] && $logged == 1 } {
        # Do nothing. Already logged for this connection
    } else {
        set logged 1
        log "WAARDE TLS1.0 check, from [IP::remote_addr] to vip [IP::local_addr] Cipher [SSL::cipher name]:[SSL::cipher version]:[SSL::cipher bits] Client:[HTTP::header "User-Agent"]:[HTTP::host]"
    }
}
I am not good at scripting, but I understand the logic above. I need something similar without the "HTTP_REQUEST" statement etc., because the TCP VIP does not do HTTP traffic...
Can someone help me with this, to make an iRule which will work with plain TCP?
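
One way to log the negotiated TLS version without an HTTP profile, as an added example that is not part of the original post: the rule hooks the client SSL handshake event instead of HTTP_REQUEST, so it only needs a client SSL profile on the virtual server. The subtable name `tls_legacy_seen` and the one-hour de-duplication window are assumptions chosen for illustration.

```tcl
# Added example, not code from the original post.
# Requires a client SSL profile on the virtual server; no HTTP profile needed.
when CLIENTSSL_HANDSHAKE {
    # Fires once the client-side TLS handshake has completed,
    # so the negotiated protocol and cipher are known here.
    set ver [SSL::cipher version]

    # TLS 1.0 is reported as "TLSv1"; SSLv3 is included as the older legacy case.
    if { $ver eq "TLSv1" || $ver eq "SSLv3" } {
        # De-duplicate per client/VIP pair so a busy legacy client
        # produces one log line per hour instead of one per connection.
        # (Subtable name and 3600 s window are assumptions.)
        set key "[IP::client_addr]|[IP::local_addr]:[TCP::local_port]"
        if { [table lookup -notouch -subtable tls_legacy_seen $key] eq "" } {
            table set -subtable tls_legacy_seen $key 1 3600
            log local0.info "TLS1.0 check, from [IP::client_addr] to vip [IP::local_addr]:[TCP::local_port] Cipher [SSL::cipher name]:$ver:[SSL::cipher bits]"
        }
    }
}
```

The HTTP-only fields from the colleague's rule (User-Agent, Host) are not available on a plain TCP virtual server, so the log line carries only the address, port and cipher details.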