Forum Discussion
rossmpersonal
Mar 07, 2019 (Altostratus)
How do I obtain the TLS Finished struct in an iRule?
In an iRule, how do I obtain the Finished struct in the first TLS Finished message sent in the most recent TLS handshake of the TLS connection?
Stanislas_Piro2
Mar 12, 2019 (Cumulonimbus)
You can use this:
when CLIENT_ACCEPTED {
    # Start buffering client data before it is forwarded
    TCP::collect
    set default_pool [LB::server pool]
}
when CLIENT_DATA {
    # Store TCP Payload up to 2^14 + 5 bytes (Handshake length is up to 2^14)
    set payload [TCP::payload 16389]
    # If valid TLS 1.X CLIENT_HELLO handshake packet
    # Scan: record content type (1 byte), version (2 bytes, hex),
    # skip record length (2 bytes), handshake message type (1 byte)
    if { [binary scan $payload cH4x2c tls_record_content_type tls_version tls_handshake_action] == 3 && \
         ($tls_record_content_type == 22) && \
         ([string match {030[1-3]} $tls_version])} {
        switch $tls_handshake_action {
            1 - 12 - 16 {
                # Valid Handshake message collect until Finished
                TCP::release
                TCP::collect
                return
            }
            20 {
                # Hex-encode the whole collected payload and log it
                binary scan $payload H* MESSAGE
                log local0. "Finished Message : $MESSAGE"
                TCP::release
                return
            }
            default {
                log local0. "unknown Message ID $tls_handshake_action"
                TCP::release
                return
            }
        }
    }
    TCP::release
}
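An added example, not part of the answer above and not F5 code: plain Tcl for tclsh that walks every TLS record in a collected buffer using the same `binary scan` idiom, since one TCP payload can hold several records. It covers the TLS 1.0-1.2 record layout only, where Finished is sent after ChangeCipherSpec and is therefore already encrypted on the wire. The proc name `tls_walk_records` and the sample bytes are constructed for illustration.

```tcl
# Added example: plain Tcl (tclsh), TLS 1.0-1.2 record layout only.
# tls_walk_records is a hypothetical helper name, not an F5 command.
proc tls_walk_records {buf} {
    set out {}
    set off 0
    set seen_ccs 0
    set total [string length $buf]
    while {$off + 5 <= $total} {
        # Record header: content type (1), version (2), length (2, big-endian)
        binary scan $buf "@${off}cH4S" type version len
        set type [expr {$type & 0xff}]
        set len  [expr {$len & 0xffff}]
        # 2^14 + 2048 is the largest protected record TLS 1.2 allows
        if {![string match {030[1-3]} $version] || $len == 0 || $len > 18432} {
            lappend out [list invalid $off]
            break
        }
        if {$off + 5 + $len > $total} {
            # Record continues past the buffer: collect more before parsing
            lappend out [list truncated $off]
            break
        }
        set body [expr {$off + 5}]
        if {$type == 20} {
            set seen_ccs 1
            lappend out [list change_cipher_spec $off]
        } elseif {$type == 22 && !$seen_ccs} {
            # Plaintext handshake record: first body byte is msg_type
            binary scan $buf "@${body}c" msg
            lappend out [list handshake $off [expr {$msg & 0xff}]]
        } elseif {$type == 22} {
            # After ChangeCipherSpec the body is ciphertext; this record
            # carries Finished but its msg_type byte is not readable
            lappend out [list encrypted_handshake $off $len]
        } else {
            lappend out [list other $off $type]
        }
        set off [expr {$body + $len}]
    }
    return $out
}

# Constructed sample flight: ClientKeyExchange, ChangeCipherSpec,
# then a 40-byte opaque record standing in for the encrypted Finished
set sample [binary format cH4ScH6a4 22 0303 8 16 000004 KEYX]
append sample [binary format cH4Sc 20 0303 1 1]
append sample [binary format cH4SH80 22 0303 40 [string repeat a5 40]]
foreach rec [tls_walk_records $sample] { puts $rec }
```

Each result entry is a list of the record kind, its byte offset in the buffer, and either the plaintext handshake msg_type or the ciphertext length.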