Forum Discussion

boktai1000
Jan 18, 2021

BIG-IP 13.X - Connections per Cipher String

I'm tasked with identifying how many connections we have on TLS 1.0 vs 1.1 vs 1.2 and we are running BIG-IP 13.X
We are looking to phase out TLS 1.0 and 1.1, but we want to find out how many connections are being made to them by comparison on BIG-IP 13.X, how much of an effort it will be to possibly nudge customers to upgrade, and how many customers would be potentially affected if we flipped the kill switch on TLS 1.0 and TLS 1.1.
I'm not sure if the BIG-IP can natively show these analytics; I dug around and didn't turn anything up. I'm not sure if later versions of the BIG-IP software show this, but that could be an incentive for us to upgrade if they do.
Ideally, whatever solution or way to identify this would support BIG-IP 13.X and up, though. I am assuming this would probably have to be via iRule unless there's something in the interface I have overlooked.
Thanks!
Update/Note: To clarify, I am looking to identify cipher string connections on a virtual server we are load balancing on our F5 BIG-IP LTM. Thanks!

1 Reply

  • For sure there is more than one solution for this. You could simply log to /var/log/ltm with an iRule

    when HTTP_REQUEST {
        log local0. "TLS Logging - Client: [IP::client_addr] Server: [virtual name] Cipher: [SSL::cipher version]"
    }

    And since logging locally is not a great idea, you could also use HSL (Splunk in my example) for remote logging:

    when CLIENT_ACCEPTED {
        set hsl [HSL::open -publisher /Common/splunk]
    }
     
    when HTTP_REQUEST {
        HSL::send $hsl "TLS Logging - Client: [IP::client_addr] Server: [virtual name] Cipher: [SSL::cipher version]"    
    }
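The iRules above only emit one log line per HTTP request; turning those lines into the numbers the question asks for (how many requests and, more usefully, how many distinct clients hit each virtual server on each TLS version, and which clients would break if TLS 1.0/1.1 were switched off) still has to happen off-box. The following Python script is an added example, not code from the original post or from F5: it parses the "TLS Logging - ..." payload exactly as the iRule formats it. The syslog prefix, the virtual server names, the client addresses and the version strings (assumed to be in the `TLSv1`, `TLSv1.1`, `TLSv1.2` form) in the embedded sample are constructed for the demonstration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of what the iRule above would write to /var/log/ltm (or ship via HSL).
# The syslog prefix is an assumption; the "TLS Logging - ..." payload is the iRule's format.
# Addresses are RFC 5737 documentation ranges; the version strings are assumed forms.
SAMPLE_LTM_LOG = """\
Jan 18 10:00:01 bigip1 info tmm[12345]: Rule /Common/tls_log <HTTP_REQUEST>: TLS Logging - Client: 203.0.113.10 Server: /Common/vs_www_443 Cipher: TLSv1.2
Jan 18 10:00:02 bigip1 info tmm[12345]: Rule /Common/tls_log <HTTP_REQUEST>: TLS Logging - Client: 203.0.113.10 Server: /Common/vs_www_443 Cipher: TLSv1.2
Jan 18 10:00:03 bigip1 info tmm[12345]: Rule /Common/tls_log <HTTP_REQUEST>: TLS Logging - Client: 198.51.100.7 Server: /Common/vs_www_443 Cipher: TLSv1
Jan 18 10:00:04 bigip1 info tmm[12345]: Rule /Common/tls_log <HTTP_REQUEST>: TLS Logging - Client: 198.51.100.7 Server: /Common/vs_api_443 Cipher: TLSv1
Jan 18 10:00:05 bigip1 info tmm[12345]: Rule /Common/tls_log <HTTP_REQUEST>: TLS Logging - Client: 192.0.2.55 Server: /Common/vs_api_443 Cipher: TLSv1.1
Jan 18 10:00:06 bigip1 info tmm[12345]: Rule /Common/tls_log <HTTP_REQUEST>: TLS Logging - Client: 203.0.113.10 Server: /Common/vs_api_443 Cipher: TLSv1
Jan 18 10:00:07 bigip1 info tmm[12345]: Rule /Common/tls_log <HTTP_REQUEST>: something unrelated
"""

# Matches the payload the iRule logs; anything before "TLS Logging" is ignored.
LOG_RE = re.compile(
    r"TLS Logging - Client: (?P<client>\S+) Server: (?P<vs>\S+) Cipher: (?P<version>\S+)"
)

# Protocol versions being phased out (assumed spelling of SSL::cipher version output).
LEGACY_VERSIONS = ("SSLv3", "TLSv1", "TLSv1.1")


def parse_tls_log(text):
    """Yield (client, virtual_server, version) for each matching line; skip everything else."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m.group("client"), m.group("vs"), m.group("version")


def summarize(text):
    """Aggregate the log into request counts and distinct-client sets.

    Returns (requests, clients_by_version, clients_by_vs_version):
      requests[(vs, version)]            -> number of logged HTTP requests
      clients_by_version[version]        -> set of client IPs seen on that version
      clients_by_vs_version[(vs, version)] -> set of client IPs per virtual server
    Request counts are inflated by keep-alive and busy clients, so the distinct
    client sets are the better measure of who would be affected.
    """
    requests = Counter()
    clients_by_version = defaultdict(set)
    clients_by_vs_version = defaultdict(set)
    for client, vs, version in parse_tls_log(text):
        requests[(vs, version)] += 1
        clients_by_version[version].add(client)
        clients_by_vs_version[(vs, version)].add(client)
    return requests, clients_by_version, clients_by_vs_version


def legacy_only_clients(clients_by_version, legacy=LEGACY_VERSIONS):
    """Clients seen only on legacy versions: the ones a TLS 1.0/1.1 kill switch would break.

    A client that negotiates TLS 1.2 on some requests and TLS 1.0 on others is
    excluded, since it evidently can speak a modern version.
    """
    legacy_clients, modern_clients = set(), set()
    for version, ips in clients_by_version.items():
        (legacy_clients if version in legacy else modern_clients).update(ips)
    return sorted(legacy_clients - modern_clients)


def report(text):
    """Human-readable per-virtual-server breakdown, returned as a list of lines."""
    requests, by_version, by_vs_version = summarize(text)
    lines = []
    for (vs, version), n in sorted(requests.items()):
        lines.append(f"{vs:<24} {version:<8} requests={n:<5} clients={len(by_vs_version[(vs, version)])}")
    lines.append("legacy-only clients: " + ", ".join(legacy_only_clients(by_version)))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LTM_LOG)))
```

Run it against a copy of /var/log/ltm (or an export of the HSL stream) instead of the sample, after the iRule has been in place long enough to cover the customers' usual traffic cycles; a short window will miss batch jobs that only connect nightly or monthly.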