Forum Discussion
issues capturing client and server side SSL handshake (only TCP profile on VIP)
Hi, I'm trying to capture both the client and server side of an SSL neg. I can capture the client-side handshake fine, but I only seem to be able to capture payload post SSL/TLS neg on the server side.
when CLIENT_ACCEPTED priority 300 {
    # start collecting the client's first bytes (the ClientHello)
    TCP::collect
    # other unimportant logic here
}
when CLIENT_DATA priority 200 {
    # store the original handshake to replay to the server after the CONNECT
    binary scan [TCP::payload] H* orig
    log -noname local5. "orig: $orig"
    # more unimportant logic here
    TCP::release
}
when SERVER_CONNECTED priority 200 {
    # collect the first bytes sent by the server side
    TCP::collect
}
when SERVER_DATA priority 200 {
    # hex-dump the server-side payload and log it next to the stored client handshake
    binary scan [TCP::payload] H* px_reply_dump
    log local5. "[IP::client_addr]:[TCP::client_port] px dump '$px_reply_dump' orig '$orig'"
    # even more unimportant logic here
    TCP::release
}
On the client side I get the handshake 1603010048010000440301572263f9c084b8c4beb8b841bf536d6aea85dbe173bacb4f88ede3115db1a08900001600040005000a0009006400620003000600130012006301000005ff01000100
On the server side I get the payload, which is HTTP 200 continue 485454502f312e302032303020436f6e6e65637465640d0a0d0a
I have tried all different things to try and capture the server side: collecting in LB::selected, using TCP notify to collect in USER_REQUESTED.
I have seen examples like this: https://devcentral.f5.com/articles/irule-to-stop-sslv3-connections but in my case I just don't get the handshake.
Any advice or pointers?
The VS the iRule is on:
ltm virtual test_proxy_intercept {
    destination 0.0.0.0:https
    ip-protocol tcp
    mask any
    pool test_proxy_intercept
    profiles {
        tcp { }
    }
    rules {
        proxy-https
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vlans {
        Inside-F5
        Outside-F5
    }
    vlans-enabled
    vs-index 4698
}
1 Reply
- Greg_Labelle
Nimbostratus
Because the virtual server is not configured with any SSL profiles, you will not be able to inspect the traffic as the F5 cannot decrypt it.
This should work if you add a client and server ssl profile (ssl bridging) to the virtual server. Once that is in place, the F5 can decrypt the traffic, and your iRule should work.
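An added example, not part of the original thread and not F5 code: a small Python helper for triaging the hex dumps that the iRule's `binary scan ... H*` lines write to the log, reporting whether a captured payload starts with a TLS record header or is something else. The function name `classify_dump` and the lookup tables are assumptions of this example; the two sample inputs are the dumps quoted in the question.

```python
import struct

# Sample inputs: the two hex dumps quoted in the question above.
CLIENT_DUMP = (
    "1603010048010000440301572263f9c084b8c4beb8b841bf536d6aea85dbe173bacb4f"
    "88ede3115db1a08900001600040005000a0009006400620003000600130012006301"
    "000005ff01000100"
)
SERVER_DUMP = "485454502f312e302032303020436f6e6e65637465640d0a0d0a"

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello",
                   11: "certificate", 14: "server_hello_done"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def classify_dump(hex_dump):
    """Classify a logged hex payload as a TLS record or as non-TLS data."""
    try:
        data = bytes.fromhex(hex_dump.strip())
    except ValueError:  # odd length or non-hex characters (e.g. truncated log line)
        return {"kind": "invalid_hex"}
    # A TLS record header is: content type (1), version (2), length (2).
    if len(data) < 5 or data[0] not in CONTENT_TYPES or data[1] != 3 or data[2] > 4:
        return {"kind": "not_tls", "text": data.decode("ascii", errors="replace")}
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    info = {
        "kind": "tls_record",
        "content_type": CONTENT_TYPES[ctype],
        "version": VERSIONS.get((major, minor), f"{major}.{minor}"),
        "record_length": rec_len,
        # False when the collected payload stops before the record ends.
        "complete": len(data) >= 5 + rec_len,
    }
    # First handshake message header: type (1) + 24-bit length (3).
    if ctype == 22 and len(data) >= 9:
        info["handshake_type"] = HANDSHAKE_TYPES.get(data[5], f"type_{data[5]}")
        info["handshake_length"] = int.from_bytes(data[6:9], "big")
    return info


if __name__ == "__main__":
    for side, dump in (("client", CLIENT_DUMP), ("server", SERVER_DUMP)):
        print(side, classify_dump(dump))
```

Run over the two dumps from the question, it reports the client-side capture as a complete TLS 1.0 ClientHello record and the server-side capture as plain ASCII text rather than a TLS record.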