For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

nrelihan_68143's avatar
nrelihan_68143
Icon for Nimbostratus rankNimbostratus
Mar 29, 2012

Append TLS header to SMTP payload

Hey,     After implementing the "SMTP Start TLS" ( https://devcentral.f5.com/wiki/iRules.SMTP_Start_TLS.ashx ) with a little configuration, there is a requirement for the TLS header be attache...
application delivery
dev
devops
iRules
nrelihan_68143's avatar
nrelihan_68143
Icon for Nimbostratus rankNimbostratus
Mar 29, 2012
iRule in question: 

when CLIENT_ACCEPTED {
    set ehlo 0
    SSL::disable
}
when SERVER_CONNECTED {
    TCP::collect
}
when CLIENT_DATA {
    set lcpayload [string tolower [TCP::payload]]
    if { $lcpayload starts_with "ehlo" } {
        set ehlo 1
        TCP::release
        serverside { TCP::collect }
    } elseif { $lcpayload starts_with "starttls" } {
        TCP::respond "220 Ready to start TLS\r\n"
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::release
        SSL::enable
    } else {
        TCP::release
    }
}
when SERVER_DATA {
    set lspayload [string tolower [TCP::payload]]
    if { $ehlo == 1 and not ( $lspayload contains "starttls" ) } {
        if { $lspayload contains "250 ok\r\n" } {
            TCP::payload replace [expr [TCP::payload length] - 8] 0 "250-STARTTLS\r\n"
        }
    }
    TCP::release
    clientside { TCP::collect }
}