Forum Discussion
kazeem_yusuf1
Aug 01, 2018Nimbostratus
An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)
Hello Community,
I have a requirement to allow enriched https header enrichment. The SSL negotiation (I'm doing ssl termination on F5) fails because the enriched header from client contains res...
Kevin_Stewart
Aug 22, 2018Employee
If you're trying to reflect the client's MSISDN extension to the server, you definitely want to use the SERVERSSL_CLIENTHELLO_SEND event. It does not require forward proxy to use this event.
when SERVERSSL_CLIENTHELLO_SEND {
set msisdn "foobar"
set bin [binary format S1S1S1S1ca* 17516 [expr [string length ${msisdn}] + 5] [expr [string length ${msisdn}] + 3] 0 [string length ${msisdn}] ${msisdn}]
SSL::extensions insert $bin
}
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects