Forum Discussion
Murugs_322349
Oct 10, 2017Nimbostratus
SNI Based on IRule
I have a requirement to set SNI based on the incoming context for every subsequent requests by same client to the same back-end server.
I have put the following in SERVERSSL_CLIENTHELLO_SEND ...
RossVermette
Oct 10, 2017Nimbostratus
How about something a little different, where you set the "tls_SNI_extension" based on what the client sends? Something like this:
when CLIENTSSL_HANDSHAKE {
if { [SSL::extensions exists -type 0] } then {
set tls_sni_extension [SSL::extensions -type 0]
} else {
set tls_sni_extension ""
}
}
when SERVERSSL_CLIENTHELLO_SEND {
if { $tls_sni_extension ne "" } then {
SSL::extensions insert $tls_sni_extension
}
}
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects