Tuesday, January 3, 2017

TIP: SSL auditing F5 LTM virtual-servers

In a pinch, to find or prove that an F5 LTM is NOT negotiating SSL protocols, you can run the following command from TMSH:



If you build a list of SSL profiles, you can loop through it over an SSH session and check each profile to find which one is negotiating SSL v2 or v3.

e.g.

 echo -e "show ltm profile client-ssl | grep ClientSSL" | ssh <username@ltmaddress> | awk '{ print $3 }' > listofprofiles.txt


 show ltm profile client-ssl <profilename> | grep Proto



 for p in $(cat listofprofiles.txt); do echo -e "checking profile $p\n"; echo -e "\n"; echo -e "show ltm profile client-ssl $p | grep Proto" | ssh username@ltm_address; done




This approach is a quick, sure way to find the client-ssl profiles on SSL-enabled virtual-servers that are negotiating SSL protocols.
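To avoid reading the loop output by eye, the saved output can be filtered down to the profiles that actually show SSLv2/SSLv3 handshakes. This is an added example, not part of the original tip; it assumes the counter lines read `SSL Protocol Version <n>  <count>` with the count as the last field, and the sample input is constructed rather than captured from a real LTM.

```shell
#!/bin/sh
# Added example: flag client-ssl profiles with non-zero SSLv2/SSLv3 counters.
# Input: saved output of the audit loop, i.e. "checking profile <name>" lines
# followed by that profile's "grep Proto" lines.
# Assumption: counter lines look like "SSL Protocol Version 3   <count>".

flag_ssl_profiles() {
    awk '
        # Remember which profile the following counter lines belong to.
        /^checking profile / { profile = $3; next }
        # Only SSL v2 / v3 counters matter; TLS lines are ignored.
        /SSL Protocol Version [23]/ {
            count = $NF
            # Anything other than a literal 0 counts as seen, which also
            # covers abbreviated values such as 1.2K.
            if (count != "0")
                printf "%s SSLv%s %s\n", profile, $(NF-1), count
        }
    ' "$@"
}

# Constructed sample of the loop output (profile names are hypothetical).
sample_audit_output() {
    cat <<'EOF'
checking profile clientssl

Protocol
  SSL Protocol Version 2                             0
  SSL Protocol Version 3                             0
  TLS Protocol Version 1.0                          12
  TLS Protocol Version 1.2                        9841
checking profile legacy_app_ssl

Protocol
  SSL Protocol Version 2                             0
  SSL Protocol Version 3                            57
  TLS Protocol Version 1.0                         310
  TLS Protocol Version 1.2                        1022
EOF
}

sample_audit_output | flag_ssl_profiles
```

A zero counter means no such handshake has been counted for that profile, not that the protocol is disabled in its configuration.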





Ken
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o 
        /  \
