Forum Discussion

CEnroth's avatar
Icon for Nimbostratus rankNimbostratus
Oct 31, 2023

LTM Policy don't trigger on ALPN in SSL_Client_Hello


Have someone successfully managed to get a LTM Policy to trigger on ALPN in "SSL Client Hello"?

I have created a policy like below, and attached it to a Virtual-Server.
But when I send/connect to VS, policy won't trigger and nothing is written to my log.
I have also tried with different Index values, but that makes no difference.

I have verified that the ALPN is present in TLS request, both with Wireshark but also with an iRule attached to same VS.






2 Replies

  • I've been playing with this, but also couldn't get it to work. It's unclear what index the SSL Extension alpn in the policy would be a valid one.

    • CEnroth's avatar
      Icon for Nimbostratus rankNimbostratus

      Hi Niels

      I really appreciate your help. For a while i thought i had done something wrong. But if you have tested it, and
      also can't get it to work then I’m quite sure that it is a "bugg" in the way Big IP handles ALPN in TLS packages.

      I will open a case towards F5, and see what kind of solution they will come up with.