Giammarco
Jun 15, 2012 · Nimbostratus
SNI iRule problem
Hello guys, I'm using this iRule to make multiple SSL on a single VIP: https://devcentral.f5.com/wiki/iRules.TLS-ServerNameIndication.ashx It works wi...
Doing other tests and putting in some log points, I've seen that with a no-SNI capable browser, in this statement:
if { ([TCP::payload length] >= $record_offset) }
the TCP payload length and record_offset are always the same number, so when this statement runs, "binary scan [TCP::payload] @${record_offset}S tls_extenlen", the variable $tls_extenlen is not created, and so the Tcl script breaks the execution.
I've modified the statement like this: "([TCP::payload length] > $record_offset)", and this seems to solve the issue. The no-SNI capable browser can access the VIP (with an SSL warning about the certificate), and the SNI capable one can access it too.
I don't know if it is the right solution, but it seems to work. Maybe someone can indicate another way to make it work ^_^
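The boundary case described in the post, as an added Python example that is not part of the original post or of the iRule: a ClientHello with no extensions ends exactly at the offset where the extensions length would start, so the parser confirms both bytes of that length are present before reading them. The sample hellos are constructed, and `build_client_hello`, `extensions_offset` and `extract_sni` are hypothetical names.

```python
import struct

def build_client_hello(sni=None):
    # Constructed sample input: minimal TLS 1.0 ClientHello record.
    body = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    if sni is not None:
        name = sni.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # host_name entry
        data = struct.pack("!H", len(entry)) + entry             # server_name_list
        ext = struct.pack("!HH", 0, len(data)) + data            # extension type 0
        body += struct.pack("!H", len(ext)) + ext                # extensions block
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body       # handshake header
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs     # record header

def extensions_offset(p):
    # Offset where the extensions length would start (record_offset in the post).
    if len(p) < 44 or p[0] != 0x16 or p[5] != 0x01:
        return None
    off = 43 + 1 + p[43]                  # record/handshake headers, version, random, session id
    if len(p) < off + 2:
        return None
    off += 2 + struct.unpack_from("!H", p, off)[0]   # cipher suites
    if len(p) < off + 1:
        return None
    return off + 1 + p[off]               # compression methods

def extract_sni(p):
    off = extensions_offset(p)
    # A hello without extensions ends exactly at off, so "length >= off" passes
    # while the 2-byte length read still has nothing to read.
    if off is None or len(p) < off + 2:
        return None                       # no extensions: fall back to the default profile
    end = min(off + 2 + struct.unpack_from("!H", p, off)[0], len(p))
    off += 2
    while off + 4 <= end:
        etype, elen = struct.unpack_from("!HH", p, off)
        off += 4
        if etype == 0:                    # server_name extension
            if elen < 5 or off + elen > end or p[off + 2] != 0:
                return None
            nlen = struct.unpack_from("!H", p, off + 3)[0]
            if off + 5 + nlen > off + elen:
                return None
            return p[off + 5:off + 5 + nlen].decode("ascii", "replace")
        off += elen
    return None
```
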