iRules Feature Highlight: SSL Commands
Yet another section of the iRules API documentation has been fully updated with events and examples for all commands. These commands provide the means to manage many aspects of SSL/TLS connections traversing LTM. The available SSL iRules commands and events include:
Commands
- SSL::allow_dynamic_record_sizing - Returns the currently set value for allowing dynamic record sizing.
- SSL::authenticate - Overrides the current setting for authentication frequency or for the maximum depth of certificate chain traversal.
- SSL::cert - Returns X509 SSL certificate data.
- SSL::cipher - Returns SSL cipher information.
- SSL::clientrandom - Returns the ClientRandom value from the ClientHello.
- SSL::collect - Collects plaintext data after SSL offloading.
- SSL::disable - Disables SSL processing.
- SSL::enable - Re-enables SSL processing.
- SSL::extensions - Returns or manipulates SSL extensions.
- SSL::forward_proxy - Sets the SSL forward proxy bypass feature to bypass or intercept.
- SSL::handshake - Halts or resumes SSL activity.
- SSL::is_renegotiation_secure - Returns the current state of SSL Secure Renegotiation.
- SSL::maximum_record_size - Sets or gets the maximum egress record size.
- SSL::mode - Gets the enabled/disabled state of SSL.
- SSL::modssl_sessionid_headers - Returns a list of fields for HTTP headers.
- SSL::nextproto - Gets or sets the Next Protocol Negotiation (NPN) string.
- SSL::payload - Returns and manipulates plaintext data collected via SSL::collect.
- SSL::profile - Switches between different SSL profiles.
- SSL::release - Releases the collected plaintext data.
- SSL::renegotiate - Controls renegotiation of an SSL connection.
- SSL::respond - Returns data back to the origin via SSL.
- SSL::secure_renegotiation - Controls the SSL Secure Renegotiation mode.
- SSL::session - Drops a session from the SSL session cache.
- SSL::sessionid - Gets the SSL session ID.
- SSL::sessionsecret - Returns the current SSL handshake master secret.
- SSL::sessionticket - Returns the session ticket associated with the SSL flow.
- SSL::sni - Returns a Server Name Indication name, and requires SNI support.
- SSL::unclean_shutdown - Sets the value of the Unclean Shutdown setting.
- SSL::verify_result - Gets or sets the result code for peer certificate verification.
Events
- CLIENTSSL_CLIENTCERT - Triggered when the system adds an SSL client certificate to the client certificate chain.
- CLIENTSSL_CLIENTHELLO - Triggered when the system has received the client’s SSL ClientHello message.
- CLIENTSSL_DATA - Triggered each time new SSL data is received from the client while the connection is in “collect” state.
- CLIENTSSL_HANDSHAKE - Triggered when a client-side SSL handshake is completed.
- CLIENTSSL_PASSTHROUGH - Triggered when SSL receives plaintext data and enters passthrough mode.
- CLIENTSSL_SERVERHELLO_SEND - Triggered when the system is about to send its SSL ServerHello message on the clientside connection.
- SERVERSSL_CLIENTHELLO_SEND - Triggered when the system is about to send its SSL ClientHello message.
- SERVERSSL_DATA - Triggered when new SSL data is received from the target node after the SSL::collect command has been issued.
- SERVERSSL_HANDSHAKE - Triggered when a server-side SSL handshake is completed.
- SERVERSSL_SERVERCERT - Triggered when the system finishes the server certificate verification.
- SERVERSSL_SERVERHELLO - Triggered when the system has received the server’s SSL ServerHello message.
Published Jul 02, 2008
Version 1.0
Deb_Allen_18
Historic F5 Account
Joined September 25, 2004