Forum Discussion

krisdames's avatar
Icon for Cirrus rankCirrus
Sep 16, 2022

IRULE question - pool command and SSL renegotiation

I have a standard SSL virtual with a client and a serverssl profile. I need to create an iRule that does some content switching based on HTTP::uri. My virtual has a clientssl profile with an SSL cert...
  • Stefan_Klotz's avatar
    Sep 19, 2022

    Kevin is already right, but to be more detailed the F5 is acting as a full proxy, means independent SSL/TCP-connections between the client<->F5 and the F5<->server/poolmember.

    The SNI values from the client are independent for the connection between the F5<->server. Here the F5 acts as the client and you need to specify your required SNI values in the serverSSL profile. Means you need to create several different (at least two) serverSSL profiles matching your requirements and switch them with the iRule. The "SSL::profile" command should be sufficient here.

    Hope that helps!

    Regards Stefan 🙂