Thursday, 8 August 2019

TIP SSL auditing F5 ltm virtual-servers

In a pinch and to find or prove a F5 LTM is NOT  negotiating  SSL protocols, you can run the following command from the TMSH
If you build a list of  SSL_profiles you could run these thru a ssh session and against each profile to find what profile is negotiating SSL v2 or v3

e.g

 echo -e "show ltm profile client-ssl | grep ClientSSL" |  ssh <username@ltmaddress>  | awk ' { print$3}' > listofprofiles.txt


show ltm profiles client-ssl <profilename> | grep Proto



for p in ` cat file.txt`; do  do echo -e "checking profile $p\n"; echo -e "\n"; echo -e "show ltm profile client-ssl $p | grep Proto" | ssh username@ltm_address ;done




Doing  this approach  is a quick sure way for finding  SSL enable virtual-servers client-ssl profiles that are using SSL protocols.

No comments:

Post a Comment

iRule

  iRule: -- o iRule is a powerful and flexible feature within the BIG-IP local traffic management (LTM). o IRule is a powerful & flexibl...