You mentioned that you want to redirect BEFORE the SSL handshake occurs. Since the client is requesting an SSL connection, it will not pass any data until this connection is established. So, no, it is not possible to redirect before the SSL handshake, AFAIK.
As Ed said, you can terminate the SSL connection using a client-side SSL profile. Then in an iRule, you can redirect based on your condition.
This is a pretty classic chicken & egg question we get asked a lot. Maybe we should write this up more clearly/prominently so people can find it more easily?
Both above posters are correct, unfortunately. You can't access encrypted data until it's unencrypted on the LTM. It can't be unencrypted (since no traffic passes at all) until the handshake occurs. So you're kind of stuck.
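The approach described in the replies above, as an added example that is not part of the original thread: an iRule on a virtual server that has a client SSL profile and an HTTP profile attached (assumed), showing that the redirect decision can only be made in `HTTP_REQUEST`, after `CLIENTSSL_HANDSHAKE` has fired. The hostnames `old.example.com` and `new.example.com` are constructed placeholders for "your condition".

```tcl
# Added example, not from the thread.
# Assumes: virtual server on 443 with a client SSL profile and an HTTP profile.
# old.example.com / new.example.com are constructed placeholder hostnames.

when CLIENTSSL_HANDSHAKE {
    # Fires once the handshake with the client has completed.
    # No HTTP data has been received yet, so there is nothing to redirect on here.
    log local0. "Handshake complete: client [IP::client_addr], cipher [SSL::cipher name]"
}

when HTTP_REQUEST {
    # Fires after the LTM has decrypted the request, so the Host header
    # and URI are now readable and a redirect can be issued.
    switch -glob [string tolower [HTTP::host]] {
        "old.example.com" -
        "old.example.com:*" {
            HTTP::redirect "https://new.example.com[HTTP::uri]"
        }
        default {
            # No match: the request continues to the pool as usual.
        }
    }
}
```

Because the handshake completes before the redirect is sent, the certificate in the client SSL profile still has to be valid for the hostname the client originally requested; otherwise the browser shows a certificate warning before it ever sees the redirect.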