The client SSL hello for that pattern is blocked by this iRule; there is no server SSL hello. But I don't know why I still see encrypted traffic.

Have you tried "reset" instead of "drop"?

----> We found an error in the LTM log file:
Oct 11 18:13:44 tmm err tmm[7531]: 01220001:3: TCL error: /Common/ultrasurf1 - can't read "payload_hex": no such variable while executing "class match $payload_hex equals signature_clientsslhello"
Oct 11 18:13:44 tmm err tmm[7531]: 01220001:3: TCL error: /Common/ultrasurf1 - can't read "payload_hex": no such variable while executing "class match $payload_hex equals signature_clientsslhello"
Oct 11 18:13:44 tmm err tmm[7531]: 01220001:3: TCL error: /Common/ultrasurf1 - can't read "payload_hex": no such variable while executing "class match $payload_hex equals signature_clientsslhello"

You may check if binary scan returns 1 before referring to the payload_hex variable.
e.g.
    if {[binary scan [TCP::payload 11] H22 payload_hex] == 1} {
        if {[class match $payload_hex equals signature_clientsslhello]} {
            log local0. "payload_hex = $payload_hex"
            drop
        }
    }
binary scan
http://wiki.tcl.tk/4180
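
The failure mode behind the logged error, as an added example that is not part of the original thread: `binary scan` returns the number of variables it set, and `H22` needs 11 bytes, so a shorter segment leaves `payload_hex` unset. The script runs in plain tclsh (8.5 or later); the signature value, the sample payloads and the `matches_signature` helper are constructed for illustration, and a Tcl list stands in for the `signature_clientsslhello` data group.

```tcl
# Added example for plain tclsh (not iRule code). The signature value is a
# constructed placeholder, not a real entry from the thread's data group.
set signatures [list 16030100410100003d0301]

# Returns 1 if the first 11 bytes of $payload match a signature, else 0.
# Mirrors the guarded form: payload_hex is used only when binary scan set it.
proc matches_signature {payload signatures} {
    # H22 consumes 11 bytes; with fewer available, binary scan returns 0
    # and leaves payload_hex untouched (unset here).
    if {[binary scan $payload H22 payload_hex] != 1} {
        return 0
    }
    # Stand-in for: class match $payload_hex equals signature_clientsslhello
    return [expr {$payload_hex in $signatures}]
}

# Constructed inputs: a 13-byte segment and a 5-byte short segment.
set full  [binary format H* 16030100410100003d0301aabb]
set short [binary format H* 1603010041]

# The unguarded form reproduces the logged error on the short segment.
binary scan $short H22 payload_hex
if {[catch {set x $payload_hex} err]} {
    puts "unguarded: $err"
}

# The guarded form skips the short segment and still matches the full one.
puts "short segment match: [matches_signature $short $signatures]"
puts "full segment match:  [matches_signature $full $signatures]"
```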