Forum Discussion
iRule doesn't work with TLSv1.3
Hi,
Can anyone tell me why this iRule doesn't work with TLS1.3?
    when CLIENTSSL_CLIENTCERT {
        if { [SSL::cert 0] eq "" } {
        }
        else {
            if {not([X509::not_valid_before [SSL::cert 0]] contains "2021")} {
                log local0. "oldCert: [X509::subject [SSL::cert 0]] -> [X509::issuer [SSL::cert 0]]"
            }
            else {
                log local0. "oldCert: newCert [X509::subject [SSL::cert 0]] -> [X509::issuer [SSL::cert 0]]"
            }

Cheers
Have you seen this:
https://cdn.f5.com/product/bugtracker/ID753925.html (always use the F5 bug tracker to check for known bugs)?
To be certain that it is a bug, add a simple log local0. after " CLIENTSSL_CLIENTCERT { " and before " if { [SSL::cert 0] eq "" } { "; also add log local0. right after " if { [SSL::cert 0] eq "" } { ". Maybe also add log local0. right after " else { " and before " if {not([X509::not_valid_before [SSL::cert 0]] contains "2021")} { ".
This way you will see up to where the iRule is triggered before it stops working.
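The trace logging described in the reply above, written out as a complete iRule. This is an added example, not part of the original post: the trace message texts and the extra CLIENTSSL_HANDSHAKE baseline line (which logs the negotiated protocol version) are assumptions added for illustration.

```tcl
# Added example: the iRule from the question with trace logging at each
# decision point, so /var/log/ltm shows how far execution gets.

when CLIENTSSL_HANDSHAKE {
    # Assumption (not in the original post): a per-handshake baseline line.
    # It records the negotiated protocol version and how many client
    # certificates were presented, so a missing "trace 1" line below can be
    # matched to a specific TLS version.
    log local0. "trace 0: handshake done [IP::client_addr]:[TCP::client_port] version=[SSL::cipher version] certs=[SSL::cert count]"
}

when CLIENTSSL_CLIENTCERT {
    # Trace 1: the event itself fired.
    log local0. "trace 1: CLIENTSSL_CLIENTCERT fired for [IP::client_addr]:[TCP::client_port]"

    if { [SSL::cert 0] eq "" } {
        # Trace 2: event fired, but no client certificate was sent.
        log local0. "trace 2: no client certificate presented"
    } else {
        # Trace 3: a certificate is present, about to check its start date.
        log local0. "trace 3: client certificate present, checking not_valid_before"

        if { not ([X509::not_valid_before [SSL::cert 0]] contains "2021") } {
            log local0. "oldCert: [X509::subject [SSL::cert 0]] -> [X509::issuer [SSL::cert 0]]"
        } else {
            log local0. "oldCert: newCert [X509::subject [SSL::cert 0]] -> [X509::issuer [SSL::cert 0]]"
        }
    }
}
```

If the "trace 0" line reports TLSv1.3 with no "trace 1" line for the same client address and port, the CLIENTSSL_CLIENTCERT event is not firing for that connection, rather than the certificate checks inside it failing.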
3 Replies
- spalande
Nacreous
What error do you receive? FYI - it might be a typo on your end; it's missing the last 2 curly brackets.
- mwi
Cirrus
No error, just no logging. If I enable "no TLS1.3" in the SSL-Profile it works.
The brackets are my fault, I didn't copy the whole iRule.