Forum Discussion
How can I check for HelloRequest SSL messages
Hi,
I'd like to be able to detect a HelloRequest message in the dialogue between a client and the BIG-IP (I'd like to know who initiates the SSL renegotiation). I didn't find any SSL event that could be useful for this, but I guess that maybe I could check for these messages in the TCP flow using a "binary scan", as in the latest iRules published here that check for the heartbeat messages of the Heartbleed attack.
How could I do something like that? Is there any reference example to study?
Thanks!
5 Replies
- PK_Bhatia
Nimbostratus
I am not sure if you are trying to get this from tmsh; maybe you could try ssldump.
https://devcentral.f5.com/articles/troubleshooting-tls-problems-with-ssldump.U01TQPldXAk
Thanks. PK
- Angel_Lopez_116
Altostratus
I'm trying to do it from an iRule. I'd like to manage the HelloRequest SSL message sent from the BIG-IP to the client.
- PK_Bhatia
Nimbostratus
I am not sure if this is what you are looking for, check the event list...
https://devcentral.f5.com/wiki/iRules.SSL.ashx
- Angel_Lopez_116
Altostratus
I've reviewed the SSL event list but I don't know how I could manage the "HelloRequest" message that the BIG-IP sends to the client when the BIG-IP wants to start a renegotiation. I guess I could use the "binary scan" feature to check for this message in the TCP flow, but I'm not sure how I could do it.
- nitass
Employee
I do not have an example, but what you understand is correct - you have to keep collecting/releasing TCP payload (i.e. TCP::collect, TCP::release) and search for the HelloRequest message (i.e. binary scan).
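The record scan discussed in this thread, sketched in Python as an added example (not code from any poster or from F5): it walks the 5-byte TLS record headers that a `binary scan` would pull out of the collected payload and looks for a HelloRequest (handshake type 0, empty body). It assumes TLS 1.2 or earlier and one direction of the stream; the function names, verdict strings and sample bytes are constructed for illustration. Once the session is encrypted the handshake type byte is no longer readable, so the only visible sign is a handshake record (content type 22) arriving after the Finished message.

```python
import struct

CHANGE_CIPHER_SPEC, HANDSHAKE = 20, 22   # TLS record content types
HELLO_REQUEST = 0                        # handshake msg_type, empty body

def rec(ctype, body, version=(3, 3)):
    """Build one TLS record: type(1) version(2) length(2) body."""
    return struct.pack("!BBBH", ctype, *version, len(body)) + body

def scan_records(stream):
    """Scan one direction (server -> client) of a TLS <= 1.2 byte stream.

    Returns (offset, verdict) pairs. Incomplete trailing records are left
    for the next call, as a collect/release loop would do.
    """
    findings, off = [], 0
    encrypted = finished_seen = False
    while off + 5 <= len(stream):
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, off)
        if major != 3:
            findings.append((off, "not-tls"))
            break
        body = stream[off + 5:off + 5 + length]
        if len(body) < length:
            break                        # partial record: collect more
        if ctype == CHANGE_CIPHER_SPEC:
            encrypted, finished_seen = True, False
        elif ctype == HANDSHAKE and encrypted:
            if finished_seen:            # handshake after Finished: type is hidden
                findings.append((off, "encrypted-handshake"))
            finished_seen = True
        elif ctype == HANDSHAKE:
            pos = 0                      # cleartext: walk type(1) + length(3) headers
            while pos + 4 <= len(body):
                mlen = int.from_bytes(body[pos + 1:pos + 4], "big")
                if body[pos] == HELLO_REQUEST and mlen == 0:
                    findings.append((off, "hello-request"))
                pos += 4 + mlen
        off += 5 + length
    return findings

# Constructed sample: cleartext ServerHello stub, ChangeCipherSpec, encrypted
# Finished, application data, then a handshake record on the encrypted session.
SAMPLE = (rec(22, b"\x02\x00\x00\x02\xaa\xbb") + rec(20, b"\x01") +
          rec(22, bytes(40)) + rec(23, bytes(10)) + rec(22, bytes(32)))

if __name__ == "__main__":
    print(scan_records(SAMPLE))                        # renegotiation record
    print(scan_records(rec(22, b"\x00\x00\x00\x00")))  # cleartext HelloRequest
```

Handshake messages fragmented across several records are not reassembled here; a production scan would need to buffer them.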