Forum Discussion
kazeem_yusuf1
Aug 01, 2018Nimbostratus
An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)
Hello Community,
I have a requirement to allow enriched https header enrichment. The SSL negotiation (I'm doing ssl termination on F5) fails because the enriched header from client contains res...
Stan_PIRON_F5
Employee
The goal of this code is:
- disable SSL profile on client side to disable TLS inspection before the code ends
- binary search the expected extension
- save in variable tls_extension_17516 the content of extension type 17516
- save in variable ext_start the index of beginning of extension 17516
- save in variable ext_len the extension 17516 length
- replace in payload the extension with no value (from ext_start with length ext_len)
missing in the code :
- change extension length to new value
- change handshake length to new value
I will update the code with missing commands later.
Stan_PIRON_F5
Nov 05, 2019Employee
I just updated the code above.
Can you try it and update this thread?
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects