Forum Discussion
Steve_84041
Nimbostratus
Sep 11, 2008
iRules SSL client side for TCP
Hi,
I am terminating an SSL connection with a raw ASCII stream inside.
It's for a proprietary protocol that is just ASCII over TCP that I have made the client send over SSL.
This all works fine with a client SSL profile assigned to the virtual server and no profile set on the server side.
But I have added an iRule to inspect the first packet and see if it contains a string I am expecting, but I only get the encrypted data!
If I try and use server side events I can only get the data coming back from the server and not what the client is sending.
Any ideas?
Cheers,
Steve
Here's my rule:
when CLIENT_ACCEPTED {
    SSL::enable
}
when CLIENTSSL_HANDSHAKE {
    log "SSL handshake ok"
    TCP::collect
}
when CLIENT_DATA {
    log "Client payload [TCP::payload]"
    TCP::release
}
when SERVER_CONNECTED {
    TCP::collect
}
when SERVER_DATA {
    log "Server payload [TCP::payload]"
    TCP::release
}
Example packet in the log looking encrypted:
: Client payload À-Â`ÃÃÃ)ð¶Â±¼`çÃÂRªúmÿsÂéq!ÃÂÂÃp\¤ .....
- hoolio
Cirrostratus
This is a limitation in iRules. Spark posted a workaround using the 'virtual' command and a second VIP. Click here for the details.
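
A sketch of the two-virtual-server layout the reply above refers to, added here as an example and not taken from the thread or from Spark's post. The virtual server name `vs_plain_inspect` and the marker string `HELLO` are assumptions made for illustration.

```tcl
# --- iRule 1: on the SSL-terminating virtual server (client SSL profile attached) ---
# Hands each connection to a second, internal virtual server after decryption.
# "vs_plain_inspect" is a hypothetical name for that second virtual server.
when CLIENT_ACCEPTED {
    virtual vs_plain_inspect
}

# --- iRule 2: on vs_plain_inspect (no SSL profile; its pool holds the real servers) ---
# On this virtual server the client side is the already-decrypted stream,
# so TCP::payload in CLIENT_DATA is the readable ASCII protocol data.
when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    # "HELLO" is a constructed stand-in for the string the protocol expects.
    if { [TCP::payload] starts_with "HELLO" } {
        log local0. "Expected greeting seen from [IP::client_addr]"
        TCP::release
    } else {
        # Log the size only, not the raw bytes, to keep payload data out of the logs.
        log local0. "Unexpected first payload from [IP::client_addr], [TCP::payload length] bytes"
        reject
    }
}
```

Because the second virtual server accepts unencrypted traffic, it should not be reachable by clients directly.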