ltm rule command SSL handshake
iRule(1) BIG-IP TMSH Manual iRule(1)
SSL::handshake
Halts or resumes SSL activity.
SYNOPSIS
SSL::handshake (hold | resume)
DESCRIPTION
Halts or resumes SSL activity. This is useful for suspending SSL
activity while authentication is in progress.
RETURN VALUE
SSL::handshake hold
Halts any SSL activity. Typically used when an authentication
request is made.
SSL::handshake resume
Resumes any SSL activity that the system previously halted with the
'SSL::handshake hold' command. Typically used when a successful
authentication response has been returned.
VALID DURING
SSL AUTH
EXAMPLES
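when CLIENT_ACCEPTED {
    # Start an authentication session and track whether it has succeeded.
    set auth_ldap_sid [AUTH::start pam default_ssl_cc_ldap]
    set auth_success 0
}
when CLIENTSSL_CLIENTCERT {
    # Submit the client certificate for authentication, then hold the
    # handshake until an AUTH_* result event arrives.
    AUTH::cert_credential $auth_ldap_sid [SSL::cert 0]
    AUTH::authenticate $auth_ldap_sid
    SSL::handshake hold
}
when AUTH_SUCCESS {
    # Act only on events that belong to this connection's auth session.
    if {$auth_ldap_sid eq [AUTH::last_event_session_id]} {
        set auth_success 1
        SSL::handshake resume
    }
}
when AUTH_WANTCREDENTIAL {
    if {$auth_ldap_sid eq [AUTH::last_event_session_id]} {
        reject
    }
}
when AUTH_ERROR {
    if {$auth_ldap_sid eq [AUTH::last_event_session_id]} {
        reject
    }
}
when AUTH_FAILURE {
    # Let the handshake complete; auth_success stays 0, so HTTP_REQUEST
    # below redirects the client to the error page.
    if {$auth_ldap_sid eq [AUTH::last_event_session_id]} {
        SSL::handshake resume
    }
}
when HTTP_REQUEST {
    if {$auth_success != 1} {
        HTTP::redirect "http://errorserver/certerror.html"
    }
}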
HINTS
SEE ALSO
Client Cert Request by URI with OCSP Checking - Request a client SSL
certificate by URI and validate it using OCSP

Client Certificate Request by URI with OCSP Checking (v10.1 - v10.2.x) -
Request a client SSL certificate by URI and validate it using OCSP for
v10.1 - 10.2.x
CHANGE LOG
@BIGIP-9.0.0 -- First introduced the command.
BIG-IP 2017-01-31 iRule(1)