For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Angel_Lopez_116's avatar
Angel_Lopez_116
Icon for Altostratus rankAltostratus
Mar 26, 2014

Differentiate between client-initiated and server-initiated SSL renegotiations

Hi!   I'm trying to configure my F5 LTM 11.3 to be able to allow server-initiated SSL renegotiations but reject client-initiated SSL renegotiations. In the clientssl profile I've configured a rene...
application delivery
devops
iRules
LTM
security
ssl
TMOS
nitass's avatar
nitass
Icon for Employee rankEmployee
May 26, 2014

In a SSL dialog between client and BigIP, there's a way to differentiate when the BigIP has initiated the negetotiation, and that's the "Hello Request" message sent from the BigIP when it's requesting the "Hello" from the client to start the new handshake, and that's what I thought I could manage from an iRule, but I guess I can't.

 

is CLIENTSSL_CLIENTHELLO event useful?

 

CLIENTSSL_CLIENTHELLO

 

https://devcentral.f5.com/wiki/iRules.CLIENTSSL_CLIENTHELLO.ashx

 

Brett_Prucha's avatar
Brett_Prucha
Icon for Nimbostratus rankNimbostratus
Jul 29, 2019

I followed the iRule as described in:

 

https://devcentral.f5.com/articles/ssl-renegotiation-dos-attack-ndash-an-irule-countermeasure

 

Except I used the code in the CLIENTSSL_HANDSHAKE event in the CLIENTSSL_CLIENTHELLO event instead. Also instead of using the maxquery variable of 5 I set it to 1 and added an additional flag in the if condition that references that variable that I set when I request renegotiation on the server side. That ensures renegotiation only occurs when initiated by the server.

 

I tested it using SSLyze --reneg and confirmed it blocked client side renegotiation.

 

https://github.com/nabla-c0d3/sslyze

 

 

 

  • Brett_Prucha's avatar
    Brett_Prucha
    Icon for Nimbostratus rankNimbostratus
    Jul 29, 2019
    when CLIENT_ACCEPTED { 
  set rand [expr { int(10000000 * rand()) }] 
} 
when CLIENTSSL_CLIENTHELLO { 
  set reqno [table incr "reqs$rand"] 
  table set -subtable "reqrate:$rand" $reqno "ignored" indefinite $static::seconds 
  if { ![info exists server_renegotiate] and [table keys -count -subtable "reqrate:$rand"] > 1 } { 
    after 5000 
    drop 
  } 
} 
when CLIENT_CLOSED { 
  table delete reqs$rand 
  table delete –subtable reqrate:$rand –all 
}
  • Latchezar_Dimov's avatar
    Latchezar_Dimov
    Icon for Nimbostratus rankNimbostratus
    Dec 10, 2020

    Hello Brett, as I am not good in wrinting iRules by myself, I am usually searching for similar rules and use them. In this case we want to achieve exactly the same. Block all client initiated renegotiations and allow only server intiated renegotiations.

     

    I have applied that iRule, but unfortunately even the very first attemp for connection is being blocked. The session goes SYN -> SYN-ACK -> ACK -> CLIENT_HELLO -> RESET (the reset is sent by the BIG-IP). What would cause that, have you experienced any issues with the iRule?

  • Brett_Prucha's avatar
    Brett_Prucha
    Icon for Nimbostratus rankNimbostratus
    Dec 10, 2020

    It's been a while since I've looked at this but from reviewing my current setup it looks like I am no longer dropping the connection on CLIENTSSL_CLIENTHELLO. It looks like I've disabled the renegotiation setting within the ssl profile and before I initiate the renegotiation within the iRule I call "SSL::renegotiate enable".

     

    Hope that helps you.

  • Latchezar_Dimov's avatar
    Latchezar_Dimov
    Icon for Nimbostratus rankNimbostratus
    Dec 11, 2020

    I see, thanks. With the customer we agreed to use the "official" iRule provided by F5 for the DDOS protection, so I think we are good to do that way. Thanks a lot for your reply, even you wrote the answer more than year ago. :)