Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

David_Haupt_130's avatar
David_Haupt_130
Icon for Nimbostratus rankNimbostratus
12 years ago

SNI and Client certificate authentication

Hi   LTM 11.4.0 VE   I want a VS that listens to 443 and terminates TLS 1.0+ https traffic. It should have two Client SSL profiles (with different certificates and hostnames in the certificates...
application delivery
design
devops
irules
security
sni
tls
David_Haupt_130's avatar
David_Haupt_130
Icon for Nimbostratus rankNimbostratus
12 years ago

A bit more investigation. Without any authentication profile enabled and just a default SNI ssl client profile and another ssl client profile that uses SNI and a simple irule:

 

when CLIENTSSL_HANDSHAKE { log local0.debug "My selected sslprofile [PROFILE::clientssl name]" }

 

I always get the sslprofile name of the profile that is on top in the list in my VS->SSL Profile (Client) even though I send in SNI in my handskake and I get the correct server certificate back.

 

I would have expected to get the profile name in the log that is corresponding to my SNI clientssl profile...