mwi
May 14, 2021 Altocumulus
iRule doesn't work with TLSv1.3
Hi,
Can anyone tell me why this iRule doesn't work with TLS1.3?

    when CLIENTSSL_CLIENTCERT {
        if { [SSL::cert 0] eq "" } {
            # No client certificate was presented; nothing to log.
        } else {
            # Log whether the certificate's notBefore date contains "2021".
            if { not ([X509::not_valid_before [SSL::cert 0]] contains "2021") } {
                log local0. "oldCert: [X509::subject [SSL::cert 0]] -> [X509::issuer [SSL::cert 0]]"
            } else {
                log local0. "oldCert: newCert [X509::subject [SSL::cert 0]] -> [X509::issuer [SSL::cert 0]]"
            }
        }
    }

Cheers
Have you seen this:
https://cdn.f5.com/product/bugtracker/ID753925.html (always use the F5 bug tracker to check for known bugs)?
To be certain that it is a bug, add a simple log local0. after " CLIENTSSL_CLIENTCERT { " and before " if { [SSL::cert 0] eq "" } { ". Also add log local0. right after " if { [SSL::cert 0] eq "" } { ". Maybe also add log local0. right after " else { " and before " if {not([X509::not_valid_before [SSL::cert 0]] contains "2021")} { ".
This way you will see up to where the iRule is triggered before it stops working.
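
The checkpoint logging suggested in the reply above, written out as an added example (not code posted by either participant). The `cp1` to `cp4` labels and the extra `CLIENTSSL_HANDSHAKE` event, which logs the negotiated protocol version, are assumptions added for illustration.

```tcl
# Added example: checkpoint logging to see how far the iRule gets.
when CLIENTSSL_CLIENTCERT {
    # cp1: proves the event fired at all for this connection.
    log local0. "cp1: CLIENTSSL_CLIENTCERT fired for [IP::client_addr]:[TCP::client_port], cert count=[SSL::cert count]"

    if { [SSL::cert 0] eq "" } {
        # cp2: event fired, but no client certificate was presented.
        log local0. "cp2: no client certificate presented"
    } else {
        # cp3: a certificate is available; show the value being tested.
        log local0. "cp3: client certificate present, notBefore=[X509::not_valid_before [SSL::cert 0]]"

        if { not ([X509::not_valid_before [SSL::cert 0]] contains "2021") } {
            log local0. "oldCert: [X509::subject [SSL::cert 0]] -> [X509::issuer [SSL::cert 0]]"
        } else {
            log local0. "oldCert: newCert [X509::subject [SSL::cert 0]] -> [X509::issuer [SSL::cert 0]]"
        }
    }
}

# Assumption (not in the thread): a second event that logs the negotiated
# protocol version, so TLS 1.2 and TLS 1.3 connections can be compared.
when CLIENTSSL_HANDSHAKE {
    log local0. "cp4: handshake complete for [IP::client_addr]:[TCP::client_port], version=[SSL::cipher version], cert count=[SSL::cert count]"
}
```

If `cp4` reports TLSv1.3 for a client but `cp1` never appears for the same address and port, the `CLIENTSSL_CLIENTCERT` event is not being raised for that connection, which is the case to compare against the bug tracker entry.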