Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

Are you an expert?    Interested in presenting at F5 AppWorld 2024?    Submit a proposal by Nov 29th!

LTM Policy don't trigger on ALPN in SSL_Client_Hello

CEnroth
Nimbostratus
Nimbostratus

‎31-Oct-2023 10:31

Hi

Have someone successfully managed to get a LTM Policy to trigger on ALPN in "SSL Client Hello"?

I have created a policy like below, and attached it to a Virtual-Server.
But when I send/connect to VS, policy won't trigger and nothing is written to my log.
I have also tried with different Index values, but that makes no difference.

CEnroth_0-1698772518975.png

I have verified that the ALPN is present in TLS request, both with Wireshark but also with an iRule attached to same VS.

iRule:

CEnroth_1-1698772829499.png

WireShark:

CEnroth_2-1698772914348.png

Regards
Christian

 

 

Labels:
0 Kudos
2 REPLIES 2

Niels_van_Sluis
MVP
MVP

‎03-Nov-2023 08:46

I've been playing with this, but also couldn't get it to work. It's unclear what index the SSL Extension alpn in the policy would be a valid one.

0 Kudos

CEnroth
Nimbostratus
Nimbostratus
In response to Niels_van_Sluis

‎03-Nov-2023 13:11

Hi Niels

I really appreciate your help. For a while i thought i had done something wrong. But if you have tested it, and
also can't get it to work then I’m quite sure that it is a "bugg" in the way Big IP handles ALPN in TLS packages.

I will open a case towards F5, and see what kind of solution they will come up with.

Regards
Christian

0 Kudos
Copyright © 2023 Khoros, LLC