Tuesday, January 3, 2017

TIP: SSL auditing F5 LTM virtual-servers

In a pinch, to find or prove that an F5 LTM is NOT negotiating SSL protocols, you can run the following commands from TMSH.

If you build a list of client-ssl profiles, you can run the check through an SSH session against each profile to find which profile is negotiating SSL v2 or v3.


 echo -e "show ltm profile client-ssl | grep ClientSSL" | ssh username@ltm_address | awk '{ print $3 }' > listofprofiles.txt

show ltm profile client-ssl <profilename> | grep Proto

for p in $(cat listofprofiles.txt); do echo -e "checking profile $p\n"; echo -e "\n"; echo -e "show ltm profile client-ssl $p | grep Proto" | ssh username@ltm_address; done

This approach is a quick, sure way to find the client-ssl profiles on SSL-enabled virtual-servers that are using SSL protocols.
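Added example, not part of the original post: once the loop's output has been redirected to a file, this shell function lists only the profiles that show SSL v2 or v3 activity. It assumes each Proto line reads "SSL Protocol Version N" followed by a counter; that layout, the function names and the sample data are assumptions made here, so adjust the pattern to what your LTM prints.

```shell
#!/usr/bin/env bash
# Flag client-ssl profiles with SSLv2/SSLv3 activity in saved audit output.
# ASSUMPTION: the "grep Proto" lines look like
#   "SSL Protocol Version 3   <counter>"
# with the counter as the last field. Verify against your own output.

# flag_legacy_ssl FILE -> prints "profile<TAB>SSLvN<TAB>counter" per hit
flag_legacy_ssl() {
  awk '
    # The loop prints this marker before each profile is queried.
    /^checking profile / { profile = $3; next }
    # Only SSL v2 / v3 lines matter; TLS lines are ignored.
    /SSL Protocol Version [23]/ {
      # Any counter other than 0 is a hit (also catches abbreviated values).
      if ($NF !~ /^0+$/)
        printf "%s\t%s\t%s\n", profile, "SSLv" $(NF-1), $NF
    }
  ' "$1"
}

# Constructed sample of saved loop output (not real device data).
sample_audit() {
  cat <<'EOF'
checking profile clientssl


    SSL Protocol Version 2          0
    SSL Protocol Version 3          0
    TLS Protocol Version 1.0        12
checking profile legacy_app_ssl


    SSL Protocol Version 2          0
    SSL Protocol Version 3          482
    TLS Protocol Version 1.0        97
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp)
sample_audit > "$tmp"
flag_legacy_ssl "$tmp"
rm -f "$tmp"
```

Under that assumption, a zero counter only shows that no such handshake has been counted so far; whether the protocol is actually disabled is decided by the profile's configuration.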

NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
        /  \
