Angel_Lopez_116
Apr 15, 2014

How can I check for HelloRequest SSL messages

Hi,

I'd like to be able to detect a HelloRequest message in the dialogue between a client and the BIG-IP (I'd like to know who initiates the SSL renegotiation). I didn't find any SSL event that could be useful for this, but I guess that maybe I could check for these messages in the TCP flow using a "binary scan", as in the latest iRules published here that check for the heartbeat messages of the Heartbleed attack.

How could I do something like that? Any reference example to study?

Thanks!

5 Replies

  • I am not sure if you are trying to get this from tmsh; maybe you try with ssldump...

    https://devcentral.f5.com/articles/troubleshooting-tls-problems-with-ssldump.U01TQPldXAk

    Thanks. PK

  • I'm trying to do it from an iRule. I'd like to manage the HelloRequest SSL message sent from the BIG-IP to the client.

  • I am not sure if this is what you are looking for, check the event list...

    https://devcentral.f5.com/wiki/iRules.SSL.ashx

  • I've reviewed the SSL event list, but I don't know how I could manage the "HelloRequest" message that the BIG-IP sends to the client when the BIG-IP wants to start a renegotiation. I guess I could use the "binary scan" feature to check for this message in the TCP flow, but I'm not sure how I could do it.

  • I do not have an example, but what you understand is correct: you have to keep collecting/releasing TCP payload (i.e. TCP::collect, TCP::release) and search for the HelloRequest message (i.e. binary scan).
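The record-walking logic the last reply describes, written in Python as an added example (it is not code from this thread or from F5). It assumes the collected TCP payload is available as a byte string, as TCP::payload would provide in an iRule, and that the records being scanned are still plaintext.

```python
import struct

CONTENT_HANDSHAKE = 0x16   # TLS record content type: handshake
HS_HELLO_REQUEST = 0x00    # handshake message type: HelloRequest (RFC 5246, section 7.4.1.1)
RECORD_HDR = 5             # content type (1) + version (2) + length (2)
HS_HDR = 4                 # handshake type (1) + length (3)

def split_records(data):
    """Split collected payload into complete TLS records.
    Returns ([(offset, content_type, body), ...], consumed) where consumed is the
    number of bytes covered by complete records; anything after it is a partial
    record that must be kept while more payload is collected."""
    records, off = [], 0
    while off + RECORD_HDR <= len(data):
        ctype, _version, length = struct.unpack_from("!BHH", data, off)
        if off + RECORD_HDR + length > len(data):
            break                                   # partial record: wait for more bytes
        records.append((off, ctype, data[off + RECORD_HDR:off + RECORD_HDR + length]))
        off += RECORD_HDR + length
    return records, off

def find_hello_requests(data):
    """Return (hits, consumed): byte offsets of HelloRequest messages found in
    plaintext handshake records, plus the consumed count from split_records."""
    hits = []
    records, consumed = split_records(data)
    for off, ctype, body in records:
        if ctype != CONTENT_HANDSHAKE:
            continue
        pos = 0
        while pos + HS_HDR <= len(body):            # a record may carry several messages
            msg_type = body[pos]
            msg_len = int.from_bytes(body[pos + 1:pos + HS_HDR], "big")
            if msg_type == HS_HELLO_REQUEST and msg_len == 0:
                hits.append(off + RECORD_HDR + pos)
            pos += HS_HDR + msg_len
    return hits, consumed

# Constructed sample payload (not a real capture): a HelloRequest record, an
# application-data record, and the header of a handshake record whose 16-byte
# body has not fully arrived yet.
SAMPLE = (
    b"\x16\x03\x01\x00\x04" + b"\x00\x00\x00\x00"   # handshake record: HelloRequest
    + b"\x17\x03\x01\x00\x03" + b"abc"              # application data
    + b"\x16\x03\x01\x00\x10" + b"\x00\x00\x00"     # incomplete record
)

if __name__ == "__main__":
    hits, consumed = find_hello_requests(SAMPLE)
    print("HelloRequest at offsets", hits, "; keep bytes from", consumed)
```

Once the initial handshake has finished, a renegotiation HelloRequest travels inside an encrypted record, so a byte scan of the TCP flow can only see the record content type (0x16) and its direction, not the handshake message type inside.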