Forum Discussion

F5-Hopeful
Oct 30, 2019

Changing SSL server profile with SSL::profile in SERVER_CONNECTED does not work

I'm trying to change an SSL server profile in SERVER_CONNECTED using a class lookup, a data group, and the SSL::profile command. The variable which selects the profile name from the data group logs successfully, which implies that the class lookup is working. However, when that variable is used in the SSL::profile command, the SSL server profile is not being changed.


To test, I hard-coded the command: SSL::profile server_profile_name. This did not work either. SSL must be disabled within SERVER_CONNECTED after the SSL::profile command.


Any help would be appreciated.

  • here's the code...

    when SERVER_CONNECTED priority 100 {
      log local0. "SERVER_CONNECTED"
      set var STRING
      # look up the server SSL profile name for this key in the data group
      set server_profile [class lookup $var server_profile_dg]
      log local0.debug "This is SERVER PROFILE. $server_profile"
      SSL::profile $server_profile
    }

    when SERVER_CONNECTED priority 101 {
      # plaintext is expected after this point, so SSL is disabled server-side
      SSL::disable serverside
      TCP::collect
    }


  • I like the username 👍


    If you put the server profile name in directly, does it work? E.g. remove the var and just specify it.

  • Hi Kevin,

    Yes, I have tried just specifying it also, and the F5 still ignores it.


  • To make sure, you do have a server SSL profile attached by default?

    See also: https://devcentral.f5.com/s/question/0D51T00006i7gst/set-server-ssl-profile-based-on-uri

  • Hi, we do have a server SSL profile attached, but we are unable to get it to change to the one we want it to use; it always just selects the default one.

  • I now believe the SSL profile is being changed, but after it has been changed I then have to disable and re-enable SSL in the SERVER_DATA event to allow plaintext to be sent to an FTP server. This is then re-enabling the default SSL profile and not the one I set in SERVER_CONNECTED. Is anyone able to confirm this would be the case?

    Also, I have tried the SSL::renegotiation command, but it crashes the TMM in my AWS virtual F5 instance.

  • Why would you want to disable and enable SSL on the server side if you want to talk plaintext, so no SSL?
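An added example iRule, not the original poster's rule and not F5's own code, showing the data-group lookup done defensively: the lookup key is assumed to be the pool member address (the poster's key is not shown), and when the data group has no entry the rule logs the miss and keeps the default profile instead of passing an empty name to SSL::profile. The data group name server_profile_dg comes from the thread; everything else is an assumption for illustration.

```tcl
# Added example (not from the thread). Assumes a string data group named
# server_profile_dg that maps a pool member address to a server SSL profile
# name, e.g. "10.0.0.5" := "serverssl-ftp" (constructed sample mapping).
when SERVER_CONNECTED priority 100 {
    # Key the lookup on the selected pool member (assumption: address keys)
    set key [IP::server_addr]

    # class lookup returns the mapped value, or an empty string when the key
    # is absent, so the result must be checked before it is used
    set server_profile [class lookup $key server_profile_dg]

    if { $server_profile eq "" } {
        # No mapping: leave the profile attached to the virtual server in place
        # and make the miss visible in the logs rather than failing silently
        log local0.warn "server_profile_dg: no server SSL profile for $key, keeping default"
        return
    }

    log local0.debug "server_profile_dg: selecting server SSL profile '$server_profile' for $key"
    SSL::profile $server_profile
}
```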