Forum Discussion

Nimbostratus

Aug 01, 2018

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

Hello Community, I have a requirement to allow enriched https header enrichment. The SSL negotiation (I'm doing ssl termination on F5) fails because the enriched header from client contains res...

Employee

The goal of this code is:

disable SSL profile on client side to disable TLS inspection before the code ends
binary search the expected extension
save in variable tls_extension_17516 the content of extension type 17516
save in variable ext_start the index of beginning of extension 17516
save in variable ext_len the extension 17516 length
replace in payload the extension with no value (from ext_start with length ext_len)

missing in the code :

change extension length to new value
change handshake length to new value

I will update the code with missing commands later.

Stan_PIRON_F5

Employee

Nov 05, 2019

I just updated the code above.

Can you try it and update this thread?

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

Recent Discussions

NAT for specific IPs

Upgrading BIGIP 2000S to R2600

TS Declarations for DNS

how to view list os client support via cli

automatic learning logs/report ?

Related Content

F5 CIS, TLS Extensions, and troubleshooting

add /browerWeb Extension after domain name

Forwarded HTTP Extension Insertion (RFC 7239)

Update your DevCentral user profile

SSL Profiles

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS