cancel
Showing results for 
Search instead for 
Did you mean: 

iRule dont work with TLSv1.3

mwi
Altostratus
Altostratus

Hi,

 

can anyone tell my why this iRule dont work with TLS1.3?

 

when CLIENTSSL_CLIENTCERT {       if { [SSL::cert 0] eq "" } {      }     else {                  if {not([X509::not_valid_before [SSL::cert 0]] contains  "2021")} {                         log local0. "oldCert: [X509::subject [SSL::cert 0]] -> [X509::issuer [SSL::cert 0]]"                   }         else {                             log local0. "oldCert: newCert [X509::subject [SSL::cert 0]] -> [X509::issuer [SSL::cert 0]]"         }

 

Cheers

1 ACCEPTED SOLUTION

Have you seen this:

 

https://cdn.f5.com/product/bugtracker/ID753925.html (always use the F5 bug tracker to check for know bugs)?

 

 

To be certain that it is a bug add simple log local0. after " CLIENTSSL_CLIENTCERT { " and before " if { [SSL::cert 0] eq "" } { " also add loh local0. right after " if { [SSL::cert 0] eq "" } { ". Maybe also add log local0. right after "     else { " and before " if {not([X509::not_valid_before [SSL::cert 0]] contains  "2021")} {   "

 

 

 

 

This way you will se to where the irule is triggered before it stops working.

View solution in original post

3 REPLIES 3

SanjayP
MVP
MVP

What error do you receive? FYI - it might be typo on your end, it's missing last 2 curly brackets.

mwi
Altostratus
Altostratus

no error, just no logging. If I enable "no TLS1.3" in the SSL-Profile it works.

The brackets are my fault, i didnt copy the whole irule

Have you seen this:

 

https://cdn.f5.com/product/bugtracker/ID753925.html (always use the F5 bug tracker to check for know bugs)?

 

 

To be certain that it is a bug add simple log local0. after " CLIENTSSL_CLIENTCERT { " and before " if { [SSL::cert 0] eq "" } { " also add loh local0. right after " if { [SSL::cert 0] eq "" } { ". Maybe also add log local0. right after "     else { " and before " if {not([X509::not_valid_before [SSL::cert 0]] contains  "2021")} {   "

 

 

 

 

This way you will se to where the irule is triggered before it stops working.