Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Drew666's avatar
Drew666
Icon for Nimbostratus rankNimbostratus
Oct 08, 2019

iRule CMD usage clarification - SSL::SNI

Hi,   I'm looking for an iRule command to extract the Server Name attribute (SNI) from an incoming SSL/TLS Client Hello packet. According to the F5 description:   [https://clouddocs.f5.com/a...
application delivery
irules
Yoann_Le_Corvi1's avatar
Yoann_Le_Corvi1
Icon for Cumulonimbus rankCumulonimbus
Oct 10, 2019

​Here it goes...

when CLIENTSSL_HANDSHAKE {
    log local0.info "CLIENTSSL_HANDSHAKE"
 
    set ext_exists [SSL::extensions exists -type 0]
    log local0.info "SSL extension type 0 exists: $ext_exists"
    if {$ext_exists} {
        set scan [binary scan [SSL::extensions -type 0] S1S1A4A* ext_type ext_len disc ext]
        
        #set sni_hostname [binary format H* $ext]
		log local0. "SSL server_name $ext"
    }
}
  • Drew666's avatar
    Drew666
    Icon for Nimbostratus rankNimbostratus
    Oct 20, 2019

     

    Hi Yoann

     

    Firstly my apologies for the late reply (have been away)

     

    I'll test it hopefully this week.

     

    Thanking you