Forum Discussion
iRule / SSL Question
The ability to apply multiple SSL profiles to a virtual server is dependent upon a TLS functionality called Server Name Indicator. TLS clients will present a "server name" extension in the CLIENTHELLO message of the TLS handshake, and the virtual server will dutifully select the most appropriate client SSL profile based on the Server Name value applied to each SSL profile (or a designated default profile if none matches the request). This requires all clients to support and prefer TLS, which may not always be the case, at least for older browsers. The alternative to this approach is going to be a single client SSL profile with either a "wildcard" certificate or a "SAN" (Subject Alt Name) certificate. The former matches all addresses in a defined domain (i.e. *.domain.com), and the latter matches a specific set of names (i.e. www1.domain.com, www2.domain.com, www3.domain.com, etc.).