Forum Discussion

Nimbostratus

Mar 12, 2019

SNI

Has anyone tried to use multiple SSL profiles on a VIP with SNI and each profile have different allowed ciphers/protocols? This article indicates that each profile can have different security requir...

MVP

Mar 12, 2019

Set up VIP targetted VIP and use a traffic policy.

First VIP listens on 443 and had has no ssl profiles, snat or http profile. It only has a local traffic policy.

This policy will forward traffic to a targetted vip (1 vip per client ssl profile) based on the SNI name in the TLS client hello.

Per targetted VS you have a client ssl profile with the correct certificate and ciphers, http profile.

Some useful resources:

https://devcentral.f5.com/articles/lightboard-lessons-vip-targeting-vip

https://devcentral.f5.com/articles/sni-routing-with-big-ip-31348

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SNI

Introducing the F5 Application Study Tool (AST)

Displaying Application Study Tool (AST) Dashboards in Your Own Grafana Instance

Recent Discussions

What dose "Accept" do in BIG-IP ASM event logs

Is anyone using Certbot for F5 certificate automation? If not, what tool do you use?

Change Content-Type from application/octet-stream to multipart/form-data

f5 AI Gateway pii-redactor not working

Terraform apply failures - loadbalancer_type.https.port_choice

Related Content

SNI Routing with BIG-IP

How to Troubleshoot SNI

SNI Routing with DNS Lookup

Serverside SNI injection iRule

Server Profile SNI

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS