Forum Discussion

Nimbostratus

Nov 22, 2018

SSL::sni name not returning value after update to 12.1.3

Hello, After recently upgrading the lab machine from 12.1.1 to 12.1.3, I have discovered that the following iRule which I have been using to determine if Client SNI and Server SNI match doesn't wor...

Employee

Nov 29, 2018

Interestingly, I believe the behavior of this iRule changed between 12.1.1 and 12.1.3. I just tested on a 13.0 box and it's the same as what you're seeing on 12.1.3.

Basically, in 12.1.1, SSL::sni reads the Server Name attribute in the client SSL profile, and if that's empty, reads the CN of the certificate applied to the client SSL profile.

In 12.1.3 and beyond, SSL::sni only reads the Server Name field value. So in your case, you'd simply need to add the Server Name string to each client SSL profile that matches the corresponding cert's CN or SAN value.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)