Forum Discussion

Nimbostratus

Aug 23, 2016

Modifying serverside SSL profile based on hostname for SNI

We have a vip where we're terminating SSL at the F5 and then re-encrypting to the servers. We've recently upgraded the pool members to a higher level of Apache that now uses SNI and which requires t...

Cumulonimbus

Aug 24, 2016

you can use this irule to insert client side server name to servcerside:

when CLIENTSSL_HANDSHAKE {
    if { [SSL::extensions exists -type 0] } then {
        set tls_sni_extension [SSL::extensions -type 0]
    }
}
when SERVERSSL_CLIENTHELLO_SEND {
    if { [info exists tls_sni_extension] } then {
        SSL::extensions insert $tls_sni_extension
    }
}

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Modifying serverside SSL profile based on hostname for SNI

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Round-robin method not load balanced

F5 BGP Peering in Active /Standby Cluster

Expired client-certificate

F5 AI Roadmap

Disabling signature for a URL

Related Content

Serverside SNI injection iRule

behavior of SSL::disable serverside

Routing options by hostname with iRules, NGINX, and Distributed Cloud

iRule to modify a content-security-policy header

Insert Client Certificate In Serverside HTTP Headers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS