Performed "Convert With ACC" using F5 ACC Chariot extension v1.11.0 on the app.conf below, and getting a resulting declaration missing any SSL profile reference. The SSL profile config is not in the unsupported section of logging:
ltm virtual /Common/application1.prestonashworth.com_443 {
creation-time 2020-01-18:17:56:36
destination /Common/10.10.0.101:443
ip-protocol tcp
last-modified-time 2021-02-04:22:18:00
mask 255.255.255.255
pool /Common/app1.service_discovery.app/app1.service_discovery_pool
profiles {
/Common/application1.prestonashworth.com_2020 {
context clientside
}
/Common/http { }
/Common/tcp { }
}
rules {
/Common/SSL_client_ciphers_selected
}
serverssl-use-sni disabled
source 0.0.0.0/0
translate-address enabled
translate-port enabled
}
ltm pool /Common/app1.service_discovery.app/app1.service_discovery_pool {
app-service /Common/app1.service_discovery.app/app1.service_discovery
load-balancing-mode least-connections-member
members {
/Common/172.28.0.154:80 {
address 172.28.0.154
description i-06939aaacd7c6321d-private
}
/Common/172.28.0.25:80 {
address 172.28.0.25
description i-088eeb216d051cf4c-private
}
/Common/172.28.0.32:80 {
address 172.28.0.32
description i-05b86bb44a52c3dfa-private
}
/Common/172.28.0.93:80 {
address 172.28.0.93
description i-08bd9d9e449d8517c-private
}
}
monitor /Common/http
}
ltm profile client-ssl /Common/application1.prestonashworth.com_2020 {
app-service none
cert-key-chain {
application1_application1_0 {
cert /Common/application1.crt
chain /Common/application1.crt
key /Common/application1.key
}
}
defaults-from /Common/clientssl
inherit-ca-certkeychain true
inherit-certkeychain false
}
ltm rule /Common/SSL_client_ciphers_selected {
when HTTP_REQUEST {
log local0.notice "[SSL::cipher version] - Client [IP::client_addr]:[TCP::client_port] -> HostHeaderName/URI [HTTP::host][HTTP::uri] -"
}
}
This is the debug log output (with F5 Extension setting Log level set to verbose and NGINX log level set to debug):
[2021-05-24T21:05:03.496Z] [INFO]: f5.chariot.convert called
[2021-05-24T21:05:03.496Z] [DEBUG]: f5.chariot.convert text found
[2021-05-24T21:05:04.277Z] [DEBUG]: ACC METADATA {
recognized: {
'ltm virtual /Common/application1.prestonashworth.com_443': {
'creation-time': '2020-01-18:17:56:36',
destination: '/Common/10.10.0.101:443',
'ip-protocol': 'tcp',
'last-modified-time': '2021-02-04:22:18:00',
mask: '255.255.255.255',
pool: '/Common/app1.service_discovery.app/app1.service_discovery_pool',
profiles: '{',
'/Common/http': {},
'/Common/tcp': {},
'}': '',
rules: '{',
'/Common/SSL_client_ciphers_selected': '',
'serverssl-use-sni': 'disabled',
source: '0.0.0.0/0',
'translate-address': 'enabled',
'translate-port': 'enabled'
},
'ltm profile client-ssl /Common/application1.prestonashworth.com_2020': {
'app-service': 'none',
'cert-key-chain': '{',
'}': '',
'defaults-from': '/Common/clientssl',
'inherit-ca-certkeychain': 'true',
'inherit-certkeychain': 'false'
},
'ltm rule /Common/SSL_client_ciphers_selected': 'when HTTP_REQUEST {\r\n' +
' log local0.notice "[SSL::cipher version] - Client [IP::client_addr]:[TCP::client_port] -> HostHeaderName/URI [HTTP::host][HTTP::uri] -"\r\n' +
'}\r'
},
supported: {
'ltm virtual /Common/application1.prestonashworth.com_443': {
'creation-time': '2020-01-18:17:56:36',
destination: '/Common/10.10.0.101:443',
'ip-protocol': 'tcp',
'last-modified-time': '2021-02-04:22:18:00',
mask: '255.255.255.255',
pool: '/Common/app1.service_discovery.app/app1.service_discovery_pool',
profiles: '{',
'/Common/http': {},
'/Common/tcp': {},
'}': '',
rules: '{',
'/Common/SSL_client_ciphers_selected': '',
'serverssl-use-sni': 'disabled',
source: '0.0.0.0/0',
'translate-address': 'enabled',
'translate-port': 'enabled'
},
'ltm profile client-ssl /Common/application1.prestonashworth.com_2020': {
'app-service': 'none',
'cert-key-chain': '{',
'}': '',
'defaults-from': '/Common/clientssl',
'inherit-ca-certkeychain': 'true',
'inherit-certkeychain': 'false'
},
'ltm rule /Common/SSL_client_ciphers_selected': 'when HTTP_REQUEST {\r\n' +
' log local0.notice "[SSL::cipher version] - Client [IP::client_addr]:[TCP::client_port] -> HostHeaderName/URI [HTTP::host][HTTP::uri] -"\r\n' +
'}\r'
},
unSupported: {
'ltm pool /Common/app1.service_discovery.app/app1.service_discovery_pool': {
'app-service': '/Common/app1.service_discovery.app/app1.service_discovery',
'load-balancing-mode': 'least-connections-member',
members: '{',
'}': '',
monitor: '/Common/http'
}
},
declarationInfo: {
classes: { iRule: 1, Service_Generic: 1 },
maps: {
applications: [ '/Common/Shared' ],
objects: [
'/Common/Shared/application1.prestonashworth.com_443',
'/Common/Shared/SSL_client_ciphers_selected'
],
tenants: [ '/Common' ]
},
total: 2
}
}
{
"class": "ADC",
"schemaVersion": "3.26.0",
"id": "urn:uuid:313786db-56e1-4c36-b3b7-cd96d6035720",
"label": "Converted Declaration",
"remark": "Auto-generated by AS3 Config Converter",
"Common": {
"class": "Tenant",
"Shared": {
"class": "Application",
"template": "shared",
"application1.prestonashworth.com_443": {
"layer4": "tcp",
"pool": "/Common/app1.service_discovery.app/app1.service_discovery_pool",
"iRules": [
{
"use": "0"
}
],
"translateServerAddress": true,
"translateServerPort": true,
"class": "Service_Generic",
"virtualAddresses": [
"10.10.0.101"
],
"virtualPort": 443,
"persistenceMethods": [],
"snat": "none"
},
"SSL_client_ciphers_selected": {
"class": "iRule",
"iRule": {
"base64": "d2hlbiBIVFRQX1JFUVVFU1Qgew0KICAgIGxvZyBsb2NhbDAubm90aWNlICJbU1NMOjpjaXBoZXIgdmVyc2lvbl0gLSBDbGllbnQgW0lQOjpjbGllbnRfYWRkcl06W1RDUDo6Y2xpZW50X3BvcnRdIC0+IEhvc3RIZWFkZXJOYW1lL1VSSSBbSFRUUDo6aG9zdF1bSFRUUDo6dXJpXSAtIg0KfQ0="
}
}
}
}
}