
I'm trying to implement a TCL script to be used in an F5 iRule, in order to catch any SSL renegotiation event. I'm stuck at the first step, which is basically the "trigger" which could say "when the SSL renegotiation happens, do something" (e.g. log the event to the syslog).

My question is: Since the SSL connection is already established, what is the trigger that prompts the link to be re-established? How can I use this in an iRule?

Any help is greatly appreciated.

Alessandro

1 Answer


There isn't a specific event for renegotiate that I can see in the docs... However, have you tried logging any CLIENT_HANDSHAKE or SERVER_HANDSHAKE events?

It's not specifically mentioned that CLIENT_HANDSHAKE or SERVER_HANDSHAKE fire at renegotiation, but I notice that the following codeshare example for counting renegotiations for DoS mitigation uses them:

ssl-renegotiation-dos-mitigation

troubled
  • Thanks troubled, I used some snippets of that code. In any case, it turns out that the best way to verify this kind of event is to trigger the "debug" level on logging. After that, tail -f on /var/log/ltm in order to verify if an SSL renegotiation is happening or not. – Alessandro Jun 12 '20 at 13:20
  • Be careful of using too much local logging. It can affect performance. The best way to log is to either use HSL (High Speed Logging) or a logging profile and send the logs to a remote syslog server. – troubled Jun 15 '20 at 06:53
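The approach the answer and comments converge on, written out as an added iRule example (not code from the question, the answer or the F5 codeshare): count TLS handshake events per TCP connection, treat every handshake after the first as a renegotiation, and send the record over HSL to a remote syslog pool rather than local logging. It uses the event name CLIENTSSL_HANDSHAKE from the iRules reference, assumes that this event fires again on renegotiation (which the answer notes is not documented, so verify it with debug logging first) and assumes a pool named syslog_pool exists (hypothetical name).

```tcl
# Added example, not from the original thread. Assumptions: CLIENTSSL_HANDSHAKE
# fires on every handshake including renegotiations (undocumented, verify on
# your BIG-IP), and a syslog pool named "syslog_pool" exists (hypothetical).
when RULE_INIT {
    # Number of renegotiations on one connection after which it is rejected.
    set static::renego_limit 3
}

when CLIENT_ACCEPTED {
    # Per-connection state: handshake counter and an HSL handle to the
    # remote syslog pool (HSL instead of local logging, see the comment above).
    set handshakes 0
    set hsl [HSL::open -proto UDP -pool syslog_pool]
}

when CLIENTSSL_HANDSHAKE {
    incr handshakes
    # The first handshake is the initial one; anything after it on the same
    # TCP connection is a renegotiation.
    if { $handshakes > 1 } {
        set renegos [expr { $handshakes - 1 }]
        # <134> is syslog priority local0.info (facility 16 * 8 + severity 6).
        HSL::send $hsl "<134> ltm ssl-renego client=[IP::client_addr]:[TCP::client_port] vs=[virtual name] count=$renegos cipher=[SSL::cipher name]\n"
        if { $renegos >= $static::renego_limit } {
            # Optional mitigation: stop serving a connection that keeps
            # renegotiating; remove this branch if you only want visibility.
            reject
        }
    }
}
```

The same counter pattern applies to SERVERSSL_HANDSHAKE if you also want to record renegotiations on the server-side SSL profile.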