Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Aug 01, 2018

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

Hello Community, I have a requirement to allow enriched https header enrichment. The SSL negotiation (I'm doing ssl termination on F5) fails because the enriched header from client contains res...

application delivery

client ssl profile

Icon for Employee rank

Employee

Nov 05, 2019

when CLIENTSSL_HANDSHAKE {
    if { [SSL::extensions exists -type 17516] } then {
        set tls_extension [SSL::extensions -type 17516]
    } else {
        set tls_extension ""
    }
}
when SERVERSSL_CLIENTHELLO_SEND {
    if { $tls_sni_extension ne "" } then {
        SSL::extensions insert $tls_extension
    }
}

this code is a copy of this code with your extension type

https://devcentral.f5.com/s/articles/client-side-to-server-side-sni-relay-irule-967

Icon for Nimbostratus rank

Nimbostratus

Nov 05, 2019

Thanks Stanislas, is this the reason why we have that kind of error sent during TLS Handshake?:

Alert (Level: Fatal, Description: Bad Record Mac).

Our F5 is the first network element we have before getting to the server.

AppWorld 2026: Save the Date and Join Our Community In Person!

DevCentral News

Introducing the F5 AI Assistant for BIG-IP

Technical Articles

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5