Triggered when the system has received the client’s SSL ClientHello message, after a clientssl profile has been selected and before the system sends its SSL ServerHello message. Zero or more SSL extensions may be received from or sent to the peer at this stage in the SSL handshake.
This event is primarily useful for retrieving extension information. It is not possible to utilize SSL::extensions or other SSL commands to make a profile selection using the SSL::profile command. To select a profile based on the Client Hello contents, it is still required to manually interpret the raw TCP data in CLIENT_DATA. Though the Client Hello is where the client proposes ciphers, there is no command to access this information in the event.


    set my_ext "Hello world!"
    set my_ext_type 62965
    SSL::extensions insert [binary format S1S1a* $my_ext_type [string length $my_ext] $my_ext]

    set ext_count [SSL::extensions count]
    log "SSL::extensions count = $ext_count"

    for {set i 0} {$i<$ext_count} {incr i} {
        binary scan [SSL::extensions -index $i] S1S1H* ext_type ext_len ext
        set ext_type [expr {$ext_type & 0xffff}]
        set ext_len [expr {$ext_len & 0xffff}]
        log "SSL extension #[expr {$i + 1}]: (type $ext_type len $ext_len) $ext"

Sample log output:
: SSL::extensions count = 1
: SSL extension #1: (type 65281 len 1) 00