Forum Discussion

Nimbostratus

Aug 01, 2018

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

Hello Community, I have a requirement to allow enriched https header enrichment. The SSL negotiation (I'm doing ssl termination on F5) fails because the enriched header from client contains res...

Employee

The goal of this code is:

disable SSL profile on client side to disable TLS inspection before the code ends
binary search the expected extension
save in variable tls_extension_17516 the content of extension type 17516
save in variable ext_start the index of beginning of extension 17516
save in variable ext_len the extension 17516 length
replace in payload the extension with no value (from ext_start with length ext_len)

missing in the code :

change extension length to new value
change handshake length to new value

I will update the code with missing commands later.

Stan_PIRON_F5

Employee

Nov 05, 2019

I just updated the code above.

Can you try it and update this thread?

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

add /browerWeb Extension after domain name

DoS Profiles

APM (& LTM) Session & Cookie Information - Chrome Extension

LDAP StartTLS Extension to LDAPS Proxy

Installing and running iControl extensions in isolated GCP VPCs

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS