
@f5-rahm
Created September 16, 2022 18:23
cli script vip_ssl_check.tcl {
proc script::init {} {
    # Reset the two global name lists that script::run fills with the
    # client-ssl and server-ssl profile names it reads from the configuration.
    foreach list_name {cssl_profiles sssl_profiles} {
        set ::$list_name ""
    }
}
# Print the encryption summary for one virtual server.
#   vip  - virtual server name
#   cs   - true/false: traffic is treated as encrypted on the client side
#   ss   - true/false: traffic is treated as encrypted on the server side
#   insp - true/false: the caller considers inspection of the traffic possible
# The three flags are printed exactly as passed in; this proc does not
# validate or derive them.
proc print_ssl_details {vip cs ss insp} {
    set report [list \
        "Virtual: $vip" \
        "\tClient-side encrypted: $cs" \
        "\tServer-side encrypted: $ss" \
        "\tInspection possible: $insp"]
    puts [join $report "\n"]
}
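proc script::run {} {
    # Report, for every LTM virtual server returned by tmsh, whether an SSL
    # profile is attached on the client side and/or the server side, and
    # whether the traffic could be inspected on this device.
    #
    # The result is a heuristic based on profile names and the destination
    # port only:
    #   - a virtual with no SSL profile is reported as passthrough only when
    #     its destination service is https/443; TLS carried on any other port
    #     without a profile falls into the "likely unencrypted" branch.
    #   - NOTE(review): tmsh::get_config presumably returns only objects
    #     visible from the current folder/partition -- confirm before treating
    #     the output as a complete inventory.
    #   - NOTE(review): matching relies on tmsh::get_name returning the same
    #     form of name for a profile object and for a virtual's profile entry
    #     -- verify on a system with multiple partitions.

    # Build a list of Client SSL Profiles
    foreach cssl_profile [tmsh::get_config /ltm profile client-ssl] {
        lappend ::cssl_profiles [tmsh::get_name $cssl_profile]
    }

    # Build a list of Server SSL Profiles
    foreach sssl_profile [tmsh::get_config /ltm profile server-ssl] {
        lappend ::sssl_profiles [tmsh::get_name $sssl_profile]
    }

    # Iterate through Virtual Servers
    foreach virtual [tmsh::get_config /ltm virtual] {
        set vip_name [tmsh::get_name $virtual]

        # Per-virtual flags, reset on every iteration so a match can never
        # carry over from the previous virtual server.
        set cssl_match 0
        set sssl_match 0
        foreach profile [tmsh::get_field_value $virtual profiles] {
            set profile_name [tmsh::get_name $profile]
            if { [lsearch -exact $::cssl_profiles $profile_name] != -1 } {
                set cssl_match 1
            }
            if { [lsearch -exact $::sssl_profiles $profile_name] != -1 } {
                set sssl_match 1
            }
        }

        if { $cssl_match && $sssl_match } {
            # Client-side & Server-side profiles
            print_ssl_details $vip_name true true true
        } elseif { $cssl_match } {
            # Client-side profile only
            print_ssl_details $vip_name true false true
        } elseif { $sssl_match } {
            # Server-side profile only
            print_ssl_details $vip_name false true true
        } elseif { [regexp {[:.](https|443)$} [tmsh::get_field_value $virtual destination]] } {
            # No profiles, but port 443, likely passthrough.
            # The service is taken from the end of the destination so that
            # IPv6 destinations (written address.port, with colons inside the
            # address) and numeric service display (443 instead of https) are
            # recognised as well as the address:https form.
            print_ssl_details $vip_name true true false
        } else {
            # No profiles or known SSL ports, likely unencrypted
            print_ssl_details $vip_name false false true
        }
    }
}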
total-signing-status not-all-signed
}