Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Matt_May_64216's avatar
Matt_May_64216
Icon for Nimbostratus rankNimbostratus
Oct 06, 2005

Reading TCP:Payload from a SSL'd Virtual Server

Im trying to read the first few bytes of a incomming connection to decide where it goes. When i have a SSL Profile (Client) setup on the Virtual server the TCP::Payload returns the encrypted data. Is ...
application delivery
dev
devops
irules
unRuleY_95363's avatar
unRuleY_95363
Historic F5 Account
Oct 06, 2005
Unfortunately, we don't yet have an SSL::collect, SSL::payload or an SSL_DATA event and that would be needed to inspect the unencrypted data.

 

 

One really crazy work-around would be to connect one switch port to another switch port that's in a second vlan on the front of the BigIP. Then you would create a separate virtual and route the unencrypted connection back through the second virtual where you could then inspect the unencrypted data and load-balance to the final pool. The only drawback is the added latency of going through the BigIP twice.