For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

wlepkin_98758's avatar
wlepkin_98758
Icon for Nimbostratus rankNimbostratus
Aug 23, 2016

Modifying serverside SSL profile based on hostname for SNI

We have a vip where we're terminating SSL at the F5 and then re-encrypting to the servers. We've recently upgraded the pool members to a higher level of Apache that now uses SNI and which requires t...
application delivery
iRules
LTM
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Aug 24, 2016

you can use this irule to insert client side server name to servcerside:

 

when CLIENTSSL_HANDSHAKE {
    if { [SSL::extensions exists -type 0] } then {
        set tls_sni_extension [SSL::extensions -type 0]
    }
}
when SERVERSSL_CLIENTHELLO_SEND {
    if { [info exists tls_sni_extension] } then {
        SSL::extensions insert $tls_sni_extension
    }
}