LTM Policy don't trigger on ALPN in SSL_Client_Hello

Question

HiHave someone successfully managed to get a LTM Policy to trigger on ALPN in "SSL Client Hello"?I have created a policy like below, and attached it to a Virtual-Server.But when I send/connect to VS, policy won't trigger and nothing is written to my log.I have also tried with different Index values, but that makes no difference.I have verified that the ALPN is present in TLS request, both with Wireshark but also with an iRule attached to same VS.iRule:WireShark:RegardsChristian&nbsp;&nbsp;

niels_van_sluis · Answer

I've been playing with this, but also couldn't get it to work. It's unclear what index the SSL Extension alpn in the policy would be a valid one.

cenroth · Answer

Hi NielsI really appreciate your help. For a while i thought i had done something wrong. But if you have tested it, andalso can't get it to work then I’m quite sure that it is a "bugg" in the way Big IP handles ALPN in TLS packages.I will open a case towards F5, and see what kind of solution they will come up with.RegardsChristian

Forum Discussion

LTM Policy don't trigger on ALPN in SSL_Client_Hello

2 Replies

Recent Discussions

Trouble with TCP::option set 28

CITRIX remote desktop solution using F5 APM

BIG-IP rseries license

LDAPS: intermittent login issues

VMWare Backups of active VEs?

Related Content

Leveraging Ansible Rulebooks for Streamlined Event Triggers: Advantages and Benefits

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 1 - Policy Creation)

Access policy, LTM policy and iRules

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 2 - Policy Import)

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 4 - Policy Lifecycle management)