ltm rule command SSL tls13 secretΒΆ

iRule(1)		      BIG-IP TMSH Manual		      iRule(1)



SSL::tls13_secret
       Return data about various TLS 1.3 secrets.

SYNOPSIS
       SSL::tls13_secret client (app | hs)

       SSL::tls13_secret server (app | hs)

DESCRIPTION
       Return TLS 1.3 session secrets. Choose which side (client or server)
       and which secret. "app" references the first traffic secret and "hs" --
       the handshake traffic secret.

RETURN VALUE
       SSL::tls13_secret client app
	   Returns the client app secret.  SSL::tls13_secret server app
	   Returns the server app secret.  SSL::tls13_secret client hs
	   Returns the client handshake secret SSL::tls13_secret server hs
	   Returns the server handshake secret.

VALID DURING
       CLIENTSSL_HANDSHAKE

EXAMPLES
	when CLIENTSSL_HANDSHAKE {
	    log local0. "ClientSSL: Client Handshake Traffic Secret [SSL::clientrandom] is -> [SSL::tls13_secret client hs]"
	    log local0. "ClientSSL: Server Handshake Traffic Secret [SSL::clientrandom] is -> [SSL::tls13_secret server hs]"
	    log local0. "ClientSSL: Client App Traffic Secret [SSL::clientrandom] is -> [SSL::tls13_secret client app]"
	    log local0. "ClientSSL: Server App Traffic Secret [SSL::clientrandom] is -> [SSL::tls13_secret server app]"
	}

	Sample log output:
	Oct 20 00:48:15 kyle-1 info tmm[17817]: Rule /Common/tls13 : ClientSSL: Client Handshake Traffic Secret d178111e08e5fd160872c40d57583b99771a32da445c355c4210db20cc7fafbd -> 45bb7e8c64f22c1875caf360c55bf117
	Oct 20 00:48:15 kyle-1 info tmm[17817]: Rule /Common/tls13 : ClientSSL: Server Handshake Traffic Secret d178111e08e5fd160872c40d57583b99771a32da445c355c4210db20cc7fafbd -> 15a0d98b60eca9643e028f69d9ff0f37
	Oct 20 00:48:15 kyle-1 info tmm[17817]: Rule /Common/tls13 : ClientSSL: Client App Traffic Secret d178111e08e5fd160872c40d57583b99771a32da445c355c4210db20cc7fafbd -> 011ff5c058845b5df8401403b818497f
	Oct 20 00:48:15 kyle-1 info tmm[17817]: Rule /Common/tls13 : ClientSSL: Server App Traffic Secret d178111e08e5fd160872c40d57583b99771a32da445c355c4210db20cc7fafbd -> 15a0d98b60eca9643e028f69d9ff0f37

HINTS
SEE ALSO
CHANGE LOG
       @BIGIP-XX.X.X --First introduced the command.



BIG-IP				  2018-07-19			      iRule(1)