Forum Discussion

chang_chang_148's avatar
chang_chang_148
Icon for Nimbostratus rankNimbostratus
Nov 23, 2011

can I set ssl profile by [HTTP::host] in one irule?

I have this scene:

 

 

www.a.com mapped to a virtual server,

 

www.b.com mapped to www.a.com

 

 

here is the question,when performing a https request on both www.a.com and www.b.com I should provide a ssl profile. Can I use different host name to determine which ssl profile should I use in one irule?

 

 

 

 

 

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Im assuming here youre talking about the TlS extensions for multiple virtual hosts on a single IP address. I've seen an irule floating around that does the extensions to TLS to use the ssl negotiation for determining which certificate to present.

     

     

    You need a browser that supports this though... I'll have a loom round, but im pretty sure it was in the codeshare.

     

     

    If its not, the yes, its possible, but youll need to do a fair bit of work yourself. ;)

     

     

    H
  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Yep... Its in the codeshare at

     

     

    http://devcentral.f5.com/wiki/iRules.TLS-ServerNameIndication.ashx

     

     

    H
  • The main caveat with TLS SNI is that IE on WinXP cannot support it.

     

     

    Aaron