Forum Discussion

Nimbostratus

Sep 01, 2019

iRule_TLS

Hi, much appreciate your guidance to achieve the following through iRule; 1- at the TCP level; iRule read the payload and find the client hello header. 2- then search for extension of 229938,...

Employee

Sep 03, 2019

Hi Hardi,

There are SSL commands which you can use to extract the extensions ( https://clouddocs.f5.com/api/irules/SSL__extensions.html ) but of course for that you need to operate at the SSL level. At the TCP level you would have to binary scan the client hello, work out exactly where that extension is and extract only that part of the data. That is quite tricky with variable length headers ie the extension you want may be the first or the third and the SSL header includes a number of variable-length fields. Not easy to do, especially in TCL. I'm sure it's possible but it it more than i could write here.

Example pseudocode

when CLIENT_ACCEPTED

TCP::collect

endwhen

when CLIENT_DATA

binary scan payload

if client-hello then

binary scan TLS header

loop through extensions

endif

endwhen

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

iRule_TLS

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS