SSL server failures on backend with more applications

Question

Hi all,I am trying to implement SSL server profiles for applications.Set up is straigtforward. Option in SSL server profile "Server Certificate" is defined to required and "Authenticate Name" contains FQDN of the backend. It works well when on the backend is only one application. But issue start when behind app gateway more applications runs. Then during SSL handshake backend (gateway) provide some default certificate, for example CN=localhost. In such case client (F5 server) reset connection.Do I have some option to handle such ssl handshakes? It works with default ssl server profile with option "Default SSL Profile for SNI" without "Server Authentication" but I would like to keep only ssl server profiles with defined CN. Default profile will contain some dummy domain.As example. Backend node is 1.1.1.1 where applications runs (app1.com, app2.com, app3.com, ...).&nbsp;New TCP connection #1: WAF IP(port) &lt;-&gt; 1.1.1.1(443)
1 1 0.1600 (0.1600) C&gt;SV3.1(135) Handshake
ClientHello

....&nbsp;SSL Handshake is RST when server provide certificate with CN what doesn't match with SSL server profile.&nbsp;

petewhite · Answer

You can select the serverside SSL profile using the iRule command SSL::profile&nbsp;https://clouddocs.f5.com/api/irules/SSL__profile.html
&nbsp;

Forum Discussion

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Related Content

Mitigating OWASP Web Application Risk: Cryptographic Failures using F5 BIG-IP

Introducing the F5 Application Study Tool (AST)

Mitigating OWASP Web Application Risk: Identification and Authentication Failures using F5 XC

Mitigating OWASP Web Application Risk: Identification and Authentication Failure using BIG-IP

Mitigating OWASP Web Application Risk: Security Logging & Monitoring Failures using F5 BIG-IP