For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

David_Larsen's avatar
David_Larsen
Icon for Employee rankEmployee
Oct 23, 2014

iRule Editor TLS support

We have been asked to block SSLv3 completely on the management interfaces of the F5 hardware. As soon as I do this the irule editor can no longer connect. Is there a way to make the iRule Editor us...
application delivery
devops
iRules
LTM
management
security
Renato's avatar
Renato
Icon for Altostratus rankAltostratus
Nov 05, 2015

What worked for me is the stunnel with the following configuration:

[local-open-port]
client = no
cert = stunnel.pem
accept = 127.0.0.1:443
connect = 127.0.0.1:9876

[redirect-to-bigip]
client = yes
accept = 127.0.0.1:9876
connect = ...:443

Just change the ... to your BIG-IP device address. Once done you can configure the iRule Editor to connect to localhost on port 443. It works because stunnel will create two different connections (full proxy?), what will also permit two distinct SSL negotiations, one that will work for the iRule Editor and another for the BIG-IP device.