ltm rule command SSL handshake

iRule(1)		      BIG-IP TMSH Manual		      iRule(1)



SSL::handshake
       Halts or resumes SSL activity.

SYNOPSIS
       SSL::handshake (hold | resume)

DESCRIPTION
       Halts or resumes SSL activity. This is useful for suspending SSL
       activity while authentication is in progress.

RETURN VALUE
       SSL::handshake hold
           Halts any SSL activity. Typically used when an authentication
           request is made.

       SSL::handshake resume
           Resumes any SSL activity that the system previously halted with the
           'SSL::handshake hold' command. Typically used when a successful
           authentication response has been returned.

VALID DURING
       SSL AUTH

EXAMPLES
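	when CLIENT_ACCEPTED {
	    # Start an authentication session and track its result per connection.
	    set auth_ldap_sid [AUTH::start pam default_ssl_cc_ldap]
	    set auth_success 0
	}
	when CLIENTSSL_CLIENTCERT {
	    # Submit the client certificate as the credential, then hold the
	    # handshake until an authentication event arrives.
	    AUTH::cert_credential $auth_ldap_sid [SSL::cert 0]
	    AUTH::authenticate $auth_ldap_sid
	    SSL::handshake hold
	}
	when AUTH_SUCCESS {
	    # Act only on events that belong to this connection's auth session.
	    if {$auth_ldap_sid eq [AUTH::last_event_session_id]} {
		set auth_success 1
		SSL::handshake resume
	    }
	}
	when AUTH_WANTCREDENTIAL {
	    if {$auth_ldap_sid eq [AUTH::last_event_session_id]} {
		reject
	    }
	}
	when AUTH_ERROR {
	    if {$auth_ldap_sid eq [AUTH::last_event_session_id]} {
		reject
	    }
	}
	when AUTH_FAILURE {
	    # Resume with auth_success still 0, so that HTTP_REQUEST below can
	    # redirect the client to the error page.
	    if {$auth_ldap_sid eq [AUTH::last_event_session_id]} {
		SSL::handshake resume
	    }
	}
	when HTTP_REQUEST {
	    # Clients whose certificate did not authenticate get the error page.
	    if {$auth_success != 1} {
		HTTP::redirect "http://errorserver/certerror.html"
	    }
	}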
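
       A review aid for the pattern in the example above, added here and not
       part of the original manual page or F5's code: a Python text check that
       flags authentication outcome events which neither resume a held
       handshake nor reject the connection. The helper names, and treating the
       four AUTH_* events from EXAMPLES as the full outcome set, are
       assumptions of this example.

```python
import re

# Outcome events taken from the EXAMPLES section; treating these four as the
# complete set of authentication outcomes is an assumption of this check.
AUTH_OUTCOMES = ("AUTH_SUCCESS", "AUTH_FAILURE", "AUTH_WANTCREDENTIAL", "AUTH_ERROR")
RELEASE = re.compile(r"SSL::handshake\s+resume\b|(?<![\w:])reject\b")

def event_bodies(rule):
    """Map each 'when EVENT { ... }' block to its body, using brace matching."""
    rule = re.sub(r"(?m)^[ \t]*#.*$", "", rule)  # drop whole-line Tcl comments
    bodies = {}
    for m in re.finditer(r"\bwhen\s+(\w+)\s*\{", rule):
        depth, i = 1, m.end()
        while i < len(rule) and depth:
            depth += {"{": 1, "}": -1}.get(rule[i], 0)
            i += 1
        bodies[m.group(1)] = bodies.get(m.group(1), "") + rule[m.end():i - 1]
    return bodies

def unreleased_holds(rule):
    """Return outcome events that neither resume nor reject after a hold."""
    bodies = event_bodies(rule)
    if not any(re.search(r"SSL::handshake\s+hold\b", b) for b in bodies.values()):
        return []  # nothing is ever held, so nothing can stay halted
    return [e for e in AUTH_OUTCOMES if not RELEASE.search(bodies.get(e, ""))]

# Constructed sample: the EXAMPLES rule with its AUTH_ERROR handler removed.
SAMPLE = """
when CLIENTSSL_CLIENTCERT {
    AUTH::cert_credential $auth_ldap_sid [SSL::cert 0]
    AUTH::authenticate $auth_ldap_sid
    SSL::handshake hold
}
when AUTH_SUCCESS {
    if {$auth_ldap_sid eq [AUTH::last_event_session_id]} {
        SSL::handshake resume
    }
}
when AUTH_WANTCREDENTIAL { reject }
when AUTH_FAILURE { SSL::handshake resume }
"""

if __name__ == "__main__":
    print(unreleased_holds(SAMPLE))
```

       The check is textual and does not follow conditionals, so a release
       inside an if branch counts as present.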

HINTS
SEE ALSO
       Client Cert Request by URI with OCSP Checking - Request a client SSL
       certificate by URI and validate it using OCSP

       Client Certificate Request by URI with OCSP Checking (v10.1 - v10.2.x)
       - Request a client SSL certificate by URI and validate it using OCSP
       for v10.1 - 10.2.x

CHANGE LOG
       @BIGIP-9.0.0 --First introduced the command.



BIG-IP				  2017-01-31			      iRule(1)