ltm rule command SSL tls13 secret
iRule(1) BIG-IP TMSH Manual iRule(1)
SSL::tls13_secret
Return data about various TLS 1.3 secrets.
SYNOPSIS
SSL::tls13_secret client (app | hs | early)
SSL::tls13_secret server (app | hs)
DESCRIPTION
Return TLS 1.3 session secrets. Choose which side (client or server) and which secret. "app" references the
first traffic secret, "hs" -- the handshake traffic secret and "early" -- the client early traffic secret.
RETURN VALUE
SSL::tls13_secret client app
Returns the client app secret. SSL::tls13_secret server app
Returns the server app secret. SSL::tls13_secret client hs
Returns the client handshake secret SSL::tls13_secret server hs
Returns the server handshake secret. SSL::tls13_secret client early
Returns the client early traffic secret
VALID DURING
CLIENTSSL_HANDSHAKE
EXAMPLES
when CLIENTSSL_HANDSHAKE {
log local0. "ClientSSL: Client Handshake Traffic Secret [SSL::clientrandom] is -> [SSL::tls13_secret client hs]"
log local0. "ClientSSL: Server Handshake Traffic Secret [SSL::clientrandom] is -> [SSL::tls13_secret server hs]"
log local0. "ClientSSL: Client App Traffic Secret [SSL::clientrandom] is -> [SSL::tls13_secret client app]"
log local0. "ClientSSL: Server App Traffic Secret [SSL::clientrandom] is -> [SSL::tls13_secret server app]"
log local0. "ClientSSL: Client Early Traffic Secret [SSL::clientrandom] is -> [SSL::tls13_secret client early]"
}
Sample log output:
Oct 20 00:48:15 kyle-1 info tmm[17817]: Rule /Common/tls13 : ClientSSL: Client Handshake Traffic Secret d178111e08e5fd160872c40d57583b99771a32da445c355c4210db20cc7fafbd -> 45bb7e8c64f22c1875caf360c55bf117
Oct 20 00:48:15 kyle-1 info tmm[17817]: Rule /Common/tls13 : ClientSSL: Server Handshake Traffic Secret d178111e08e5fd160872c40d57583b99771a32da445c355c4210db20cc7fafbd -> 15a0d98b60eca9643e028f69d9ff0f37
Oct 20 00:48:15 kyle-1 info tmm[17817]: Rule /Common/tls13 : ClientSSL: Client App Traffic Secret d178111e08e5fd160872c40d57583b99771a32da445c355c4210db20cc7fafbd -> 011ff5c058845b5df8401403b818497f
Oct 20 00:48:15 kyle-1 info tmm[17817]: Rule /Common/tls13 : ClientSSL: Server App Traffic Secret d178111e08e5fd160872c40d57583b99771a32da445c355c4210db20cc7fafbd -> 15a0d98b60eca9643e028f69d9ff0f37
Oct 20 00:48:15 kyle-1 info tmm[17817]: Rule /Common/tls13 : ClientSSL: Client Early Traffic Secret d178111e08e5fd160872c40d57583b99771a32da445c355c4210db20cc7fafbd -> 792a88c7a2faf9003a5d4155918c48170d611c7b7e1b428815d9b72ce781523a
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-XX.X.X --First introduced the command.
BIG-IP 2020-06-23 iRule(1)