For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

David_Haupt_130's avatar
David_Haupt_130
Icon for Nimbostratus rankNimbostratus
Oct 05, 2013

SNI and Client certificate authentication

Hi   LTM 11.4.0 VE   I want a VS that listens to 443 and terminates TLS 1.0+ https traffic. It should have two Client SSL profiles (with different certificates and hostnames in the certificates...
application delivery
design
devops
iRules
security
sni
tls
David_Haupt_130's avatar
David_Haupt_130
Icon for Nimbostratus rankNimbostratus
Oct 06, 2013

A bit more investigation. Without any authentication profile enabled and just a default SNI ssl client profile and another ssl client profile that uses SNI and a simple irule:

 

when CLIENTSSL_HANDSHAKE { log local0.debug "My selected sslprofile [PROFILE::clientssl name]" }

 

I always get the sslprofile name of the profile that is on top in the list in my VS->SSL Profile (Client) even though I send in SNI in my handskake and I get the correct server certificate back.

 

I would have expected to get the profile name in the log that is corresponding to my SNI clientssl profile...