An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

Thanks Stanislas, is this the reason why we have that kind of error sent during TLS Handshake?:

Alert (Level: Fatal, Description: Bad Record Mac).

Our F5 is the first network element we have before getting to the server.

I remember this.. Can you confirm this is this scenario:

• The client does not insert this extension
• A service between the client and the BigIP add this extension in the CLIENT_HELLO message
• The client reject the BigIP Handshake Message

If this is the scenario, there is no solution as TLS protocol does not support such change.

Hereafter the scénario:

• The client does not insert this extension
  • The client is a mobile which does not add the extension
• A service between the client and the BigIP add this extension in the CLIENT_HELLO message
  • A service (such as DPI) between the client mobile and the BigIP add this extension
• The reject is coming from the floating IP of BigIP (the public ip 196.207.246.112 in the image).
  • Alert (Level: Fatal, Description: Bad Record Mac)

PS: The BigIP is suppose to forward alls request coming from the client to the server

You can try this to catch and remove this extension from CLIENT_HELLO packet (not tested)

it will then insert it in server side TLS handshake

when CLIENT_ACCEPTED {
    set tls_extension_17516 ""
    SSL::disable   
    TCP::collect
}
 
when CLIENT_DATA {
    # Store TCP Payload up to 2^14 + 5 bytes (Handshake length is up to 2^14)
    set payload [TCP::payload 16389]
    set payloadlen [TCP::payload length]
    
    # If valid TLS 1.X CLIENT_HELLO handshake packet
    if { [binary scan $payload cH4ScH6H4x32c tls_record_content_type tls_version tls_recordlen tls_handshake_action tls_handshakelen_hex tls_handshake_version tls_handshake_sessidlen] == 7 && \
        ($tls_record_content_type == 22) && \
        ([string match {030[1-3]} $tls_version]) && \
        ($tls_handshake_action == 1) && \
        ($payloadlen == ($tls_recordlen & 0xffff )+5)} {
        
        # store in a variable the handshake length
        #set tls_handshakelen [expr 0x$tls_handshakelen_hex]
        scan $tls_handshakelen_hex %x tls_handshakelen
        # store in a variable the handshake version
        set tls_handshake_prefered_version $tls_handshake_version
 
        # skip past the session id
        set record_offset [expr {44 + ($tls_handshake_sessidlen & 0xff)}]
 
        # skip past the cipher list
        binary scan $payload @${record_offset}S tls_ciphlen
        set record_offset [expr {$record_offset + 2 + ($tls_ciphlen & 0xffff)}]
 
        # skip past the compression list
        binary scan $payload @${record_offset}c tls_complen
        set record_offset [expr {$record_offset + 1 + ($tls_complen & 0xffff)}]
 
        # check for the existence of ssl extensions
        if { ($payloadlen > $record_offset) } {
            # skip to the start of the first extension
            set tls_extension_length_start $record_offset
            binary scan $payload @${record_offset}S tls_extension_length
            set record_offset [expr {$record_offset + 2}]
            # Check if extension length + offset equals payload length
            if {$record_offset + ($tls_extension_length & 0xffff) == $payloadlen} {
                # for each extension
                while { $record_offset < $payloadlen } {
                    binary scan $payload @${record_offset}SS tls_extension_type tls_extension_record_length
                    set tls_extension_record_length [expr {$tls_extension_record_length & 0xffff}]
                    if { $tls_extension_type == 17516 } {
                        # if it's extension type 17516
                        binary scan $payload @${record_offset}A[expr {$tls_extension_record_length +4}] tls_extension_17516
                        set ext_start $record_offset
                        set ext_len [expr {$tls_extension_record_length + 4}]
                        set record_offset [expr {$record_offset + $tls_extension_record_length + 4}]
                    } else {
                        # skip over other extensions
                        set record_offset [expr {$record_offset + $tls_extension_record_length + 4}]
                    }
                }
            }
        }
    }
    unset -nocomplain payload payloadlen tls_record_content_type tls_handshake_action tls_handshake_sessidlen record_offset tls_ciphlen tls_complen tls_extension_type tls_extension_record_length tls_supported_versions_length tls_supported_versions
    if {$tls_extension_17516 ne ""} {
        # remove extension from Payload
        TCP::payload replace $ext_start $ext_len ""
        # Change extension Length
        TCP::payload replace $tls_extension_length_start 2 [binary format S [expr {($tls_extension_length & 0xffff) - $ext_len}]]
        # Change Handshake Length
        TCP::payload replace 6 3 [binary format H6 [format %06X [expr {$tls_handshakelen - $ext_len}]]]
        # Change Message Length
        TCP::payload replace 3 2 [binary format S [expr {($tls_recordlen & 0xffff) - $ext_len}]]
    }
    SSL::enable
    TCP::release
}
 
when SERVERSSL_CLIENTHELLO_SEND {
    if { $tls_extension_17516 ne "" } {
        SSL::extensions insert $tls_extension_17516
    }
}

Hi Stanislas,

Our IT team try to implement your script, this is what we got in BIGIP outgoing packet (extracted for wireshark) regarding what is in the tls_extension_17516 variable:

Dl\300\200\v\001\300\200\b\300\200\300\200\300\2003\302\242\302\231^\302\235\r\n\r\n

This what we have before the BIGIP (in hexa from wireshark)

Does it mean the client side TLS session succeed now after removing the attribute? (it was unsuccessful without this code)

So next problem to solve is to add the attribute on server side.

The TLS session succeed now but the problem is to fetch the data value in the extension and sent it to a proper format (hexa, decimal ou string) to the server.

According to your variable, you must have this:

$ tclsh
% set var Dl\300\200\v\001\300\200\b\300\200\300\200\300\2003\302\242\302\231^\302\235\r\n\r\n
% binary scan $var SSa* type length data
3
% echo $type
17516
% echo $length
-16256
% expr {$length & 0xffff}
49280
% binary scan $data H* data_hex
1
% echo $data_hex
0b01c08008c080c080c08033c2a2c2995ec29d0d0a0d0a
% string length $data
23

There is a issue with length which must not be negative. This is because binary command returns signed integers.

I will upload a new version of the code above to convert signed to unsigned integer.

Can you confirm the length value with may be wrong (negative numbers means more than 32768, but the whole TLS handshake must not be larger than 16389)

 Can you do a Wireshark capture on BigIP client side?

When we look at $data_hex, the value that we need is in bold:

0b01c08008c080c080c08033c2a2c2995ec29d0d0a0d0a

Please find attached the capture of packets entering to the BIGIP coming from the customer (not in the BIGUP but from a sniffer between client and BIGIP)

Hi stanislas,

Is this last update of the script or this is not finished yet?