support for 'SSL::payload'

Question

Hi,&nbsp;
&nbsp;I'm trying to create an iRule for injecting client certificate information in a Big-IP SSL terminated POP3 service, so the backend POP3 servers can identify  clients based on their SSL certificate.
&nbsp;However TCP::payload returns/manipulates the encrypted SSL traffic, rather than the decrypted data. 
&nbsp;On this forum I read there are/were plans for adding SSL::payload, SSL::collect, etc. This sounds exactly what I need. 
&nbsp;Can any of the developers comment on whether this feature will be added indeed, and roughly when to expect it?&nbsp;
&nbsp;Thanks in advance,&nbsp;
&nbsp;Bastiaan Bakker
&nbsp;Senior Software Engineer
&nbsp;E.Novation LifeLine Networks bv&nbsp;&nbsp;

bl0ndie_127134 · Answer

If you are using 9.2 or later release try experimenting with the stream profile. Here is some data on how it works Click here&nbsp;&nbsp;

bastiaan_bakker · Answer

Thanks for the hint. This streaming profile feature looks like a much more elegant approach than 'SSL::payload replace'. Now, let's see if I can get this to work!&nbsp;
&nbsp;Best Regards,&nbsp;
&nbsp;Bastiaan&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

Forum Discussion

support for 'SSL::payload'

Recent Discussions

How to Renew F5 Device Certificate

How to export a list of paired external service providers from APM?

BIG-IP Edge Endpoint Inspection Failure pre-VPN

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Related Content

SSL::payload replace - silent failure?

Securing Applications using mTLS Supported by F5 Distributed Cloud

Cipher Suites Supported (12.1.5.3)

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

TMOS v17 support policy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS