F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Martin_Smith_58's avatar
Martin_Smith_58
Icon for Nimbostratus rankNimbostratus
Oct 19, 2012

Regular SSL/TLS for user connections to the LTM, with SNI support from LTM to the real webservers?

Hi there --   We have a client base that we truly can't force to support TLS SNI for HTTP traffic. However, we'd like to limit the number of IPs we put on our backend webservers. I'm wondering if ...
config
design
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Nov 07, 2012
SSL always makes the mass-virtual hosting part challenging, by virtue of the protocols. And one could argue that hardware-based SSL offload is a HUGE scalability win if your security policy will allow it.

 

 

That said, did you look at the iRule I posted above? It allows you to do SNI on the server side by injecting the name into the TLS extension of the server side CLIENTHELLO message.