CLIENTSSL_HANDSHAKE¶

Description¶

Triggered when a client-side SSL handshake is completed. If LTM requests a certificate from the client this event would be triggered after the CLIENTSSL_CLIENTCERT event.

Examples¶

when CLIENTSSL_HANDSHAKE {
   persist ssl
}

Related Information¶

Available Commands:

clone - Causes the system to clone traffic to the specified pool or pool member regardless of monitor status.
forward - Sets the connection to forward IP packets.
IP::idle_timeout - Returns or sets the idle timeout value.
ip_ttl - Returns the TTL of the latest IP packet received.
lasthop - Sets the lasthop of an IP connection.
listen - Sets up a related ephemeral listener to allow an incoming related connection to be established.
LSN::address - Set or override translation address.
LSN::disable - Disable LSN translation.
LSN::inbound - Disable inbound connections to translation address/port.
LSN::persistence - Set translation selection mode and persistence timeout.
LSN::persistence-entry - Create or lookup translation address.
LSN::pool - Specify LSN pool for current connection.
LSN::port - Set or override translation port.
nexthop - Sets the nexthop of an IP connection.
node - Sends the packet directly to the identified server node.
peer - Causes the specified iRule commands to be evaluated under the peer’s (opposite) context.
persist - Causes the system to use the named persistence type to persist the connection.
pool - Causes the system to load balance traffic to the specified pool or pool member regardless of monitor status.
session - Utilizes the persistence table to store arbitrary information based on the same keys as persistence.
SSL::cert - Returns X509 SSL certificate data.
SSL::extensions - Returns or manipulates SSL extensions.

Warning

The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.

Sample Code:

Client Cert Request by URI with OCSP Checking - Request a client SSL certificate by URI and validate it using OCSP
Client Certificate Request by URI with OCSP Checking (v10.1 - v10.2.x) - Request a client SSL certificate by URI and validate it using OCSP for v10.1 - 10.2.x
Request Client Certificate And Pass To Application - We are using BigIP to dynamically request a client certificate and pass it to server.
SSL client certificate LDAP authenticate before authorizing - This iRule is a modification to the system F5 supported _sys_auth_ssl_cc_ldap rule to serialize the process of SSL CC authentication followed by LDAP authorization
SSL renegotiation DOS mitigation - An example to mitigate SSL renegotiation DOS attacks

Introduced: BIGIP-9.0.0

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.