F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Core_Matrix_174's avatar
Core_Matrix_174
Icon for Nimbostratus rankNimbostratus
Oct 22, 2012

iRule to Decide which VS to use.

The point of this is that we have multiple domains and therefore need multiple SSL Client side profiles, as you can only have 1 SSL profile per VS we would need multiple VSs. This would mean having t...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Oct 22, 2012
1. Websense probably has a root cert/key that the browser trusts and can therefore generate a server cert/key dynamically for the requested hostname. Without TLS SNI, the requested hostname could be determined by Websense making a request (with TLS SNI if the client used it) or the IP address and checking the subject(s) in the server cert.

 

 

2. The client is using TLS SNI to tell the server in the unencrypted portion of the client hello which hostname it is requesting. If all of your clients support TLS SNI you could use this feature on LTM to support multiple server certs on the same virtual server.

 

 

Aaron