For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Drew666's avatar
Drew666
Icon for Nimbostratus rankNimbostratus
Oct 09, 2019

iRule CMD usage clarification - SSL::SNI

Hi,   I'm looking for an iRule command to extract the Server Name attribute (SNI) from an incoming SSL/TLS Client Hello packet. According to the F5 description:   [https://clouddocs.f5.com/a...
application delivery
iRules
Yoann_Le_Corvi1's avatar
Yoann_Le_Corvi1
Icon for Cumulonimbus rankCumulonimbus
Oct 10, 2019

​Here it goes...

when CLIENTSSL_HANDSHAKE {
    log local0.info "CLIENTSSL_HANDSHAKE"
 
    set ext_exists [SSL::extensions exists -type 0]
    log local0.info "SSL extension type 0 exists: $ext_exists"
    if {$ext_exists} {
        set scan [binary scan [SSL::extensions -type 0] S1S1A4A* ext_type ext_len disc ext]
        
        #set sni_hostname [binary format H* $ext]
		log local0. "SSL server_name $ext"
    }
}
Drew666's avatar
Drew666
Icon for Nimbostratus rankNimbostratus
Oct 21, 2019

 

Hi Yoann

 

Firstly my apologies for the late reply (have been away)

 

I'll test it hopefully this week.

 

Thanking you