Forum Discussion

Nimbostratus

Aug 01, 2018

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

Hello Community, I have a requirement to allow enriched https header enrichment. The SSL negotiation (I'm doing ssl termination on F5) fails because the enriched header from client contains res...

Employee

Nov 05, 2019

when CLIENTSSL_HANDSHAKE {
    if { [SSL::extensions exists -type 17516] } then {
        set tls_extension [SSL::extensions -type 17516]
    } else {
        set tls_extension ""
    }
}
when SERVERSSL_CLIENTHELLO_SEND {
    if { $tls_sni_extension ne "" } then {
        SSL::extensions insert $tls_extension
    }
}

this code is a copy of this code with your extension type

https://devcentral.f5.com/s/articles/client-side-to-server-side-sni-relay-irule-967

Baba_TABOURE

Nimbostratus

Nov 07, 2019

When we look at $data_hex, the value that we need is in bold:

0b01c08008c080c080c08033c2a2c2995ec29d0d0a0d0a

Please find attached the capture of packets entering to the BIGIP coming from the customer (not in the BIGUP but from a sniffer between client and BIGIP)

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)