Forum Discussion
Giammarco
Jun 15, 2012Nimbostratus
SNI iRule problem
hello guys, i'm using this iRule to make multiple SSL on a single VIP https://devcentral.f5.com/wiki/iRules.TLS-ServerNameIndication.ashx it works wi...
Giammarco:
Thanks for the input on this. You're right on both counts. I'll need to look at why IE8+XP has an issue with this -- disabling TLS 1.0 is an okay fix but there should be a way to do this without needing a clientside fix. And we can't disable TLS 1.0 handshake checking in the iRule because SNI browsers can be TLS 1.0 (most are).
The offset thing -- that's also correct on your part. The rule was written originally prototyping against only SNI browsers, so I have to admit, redfaced, that I didn't test it too hard on non-SNI browsers. If I get a chance, I'll go update the iRule and give it another test.
Of course, if you're running 11.1/11.2, it's better to just use F5's built-in SNI support. :> It doesn't do pool switching, but an iRule on the VIP can easily do that for you once TMOS is done taking care of the SNI selection.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects