Return of Bleichenbacher - the ROBOT Attack CVE-2017-6168
Nice summary. Another day another attack, but in the end it's that good old brute-force, with an edge.
To address the exploitation at hand, and proactively mitigate any similar ones that will come out in the future, why not try and hit multiple flies at once? Implement a TLS rate limiting feature (what your iRule does) in the next LTM release as a native feature.
I see 3 benefits here. TLS rate limiting is a direct mitigation against this attack, but also a proactive mitigation of similar attacks that entirely or partly rely on primitive means of brute force. And lastly, it's also a neat DoS protection feature.
For the short term, maybe it can be implemented as a new attribute, configurable in the clientssl profile? For the long term, maybe there will eventually be a dedicated rate limiting policy which includes not only TLS rate limiting but also the same for the network stack and HTTP?
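The per-source TLS handshake rate limiting proposed in the comment above, as an added example in Python; it is not the iRule referred to, nor any F5 code. A Bleichenbacher-style oracle needs a large number of trial handshakes from the attacker, so capping handshakes per source in a sliding window bounds how fast the oracle can be queried while leaving normal clients untouched. The thresholds (20 handshakes per 10 seconds) and the two client addresses and their traffic are constructed for the example.

```python
"""Sliding-window TLS handshake rate limiter, keyed by client source address.

Constructed example: the decision would be taken when a handshake starts
(ClientHello), before any RSA key-exchange processing, so an over-budget
source never reaches the code path an oracle attack probes.
"""
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple

HandshakeEvent = Tuple[float, str]  # (timestamp in seconds, source IP)


class HandshakeRateLimiter:
    """Allow at most `max_handshakes` per source within any `window_seconds`."""

    def __init__(self, max_handshakes: int, window_seconds: float) -> None:
        self.max_handshakes = max_handshakes
        self.window = window_seconds
        # Per-source timestamps of handshakes that were admitted.
        self._history: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, ts: float, src: str) -> bool:
        hist = self._history[src]
        # Expire admitted handshakes that have fallen out of the window.
        while hist and ts - hist[0] >= self.window:
            hist.popleft()
        if len(hist) >= self.max_handshakes:
            # Over budget: reject (or drop) the handshake; rejected attempts
            # are not recorded, so they do not extend the client's penalty.
            return False
        hist.append(ts)
        return True


def evaluate(events: List[HandshakeEvent], max_handshakes: int,
             window_seconds: float) -> Dict[str, Dict[str, int]]:
    """Replay handshake events in time order and tally decisions per source."""
    limiter = HandshakeRateLimiter(max_handshakes, window_seconds)
    stats: Dict[str, Dict[str, int]] = defaultdict(
        lambda: {"allowed": 0, "rejected": 0})
    for ts, src in sorted(events):
        verdict = "allowed" if limiter.allow(ts, src) else "rejected"
        stats[src][verdict] += 1
    return dict(stats)


def sample_events() -> List[HandshakeEvent]:
    """Constructed traffic: one ordinary client and one high-rate prober."""
    events: List[HandshakeEvent] = []
    # Ordinary client (constructed address): one handshake every 2 s for 60 s.
    for i in range(30):
        events.append((i * 2.0, "198.51.100.7"))
    # Probing client (constructed address): 200 handshakes in 10 s.
    for i in range(200):
        events.append((i * 0.05, "203.0.113.9"))
    return events


if __name__ == "__main__":
    for src, counts in evaluate(sample_events(), 20, 10.0).items():
        print(f"{src}: {counts['allowed']} allowed, {counts['rejected']} rejected")
```

The ordinary client never exceeds five handshakes in any 10-second window and is fully admitted; the prober gets its first 20 handshakes through and the remaining 180 are refused before any key-exchange work is done. The same structure transfers to the network-stack and HTTP rate limits the comment suggests; only the event being counted changes.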