Forum Discussion
choose SSL profiles based on context
Hi All,
Do you have any idea how to prepare an iRule that will choose the proper SSL profile based on URI context? Something like this: test.domain.com/abc goes to SSL_profile_1, test.domain.com/def goes to SSL_profile_2.
Thank you for your help in advance.
3 Replies
- Michael_Jenkins
Cirrostratus
Because of the way SSL works, you won't be able to see the URI until after the SSL negotiation has taken place, as the URI is encrypted. The server won't know the URI until it has already negotiated everything with the browser (i.e. it's already specified a certificate and the browser has accepted it). That means you wouldn't be able to use URI as a decision point.
One thing you could consider is using SNI, which would allow you to decide based on different hosts.
Hope this helps.
- b_seweryn_15157
Nimbostratus
I have to somehow separate traffic that is still using the SHA1 hash algorithm. Unfortunately, I still have one pool on which I cannot change the SSL certificate until the 1st of January. If not URI, maybe I can decide which SSL profile I will use based on pool? Client IP, context, cipher? Do you have any idea?
FYI, I'm using a wildcard certificate and I have a few apps (traffic distribution based on iRule/context). Only for one app do I need a new cert with SHA2.
- b_seweryn_15157
Nimbostratus
Any other ideas?