Forum Discussion

Nimbostratus

Nov 23, 2018

SSL::sni name not returning value after update to 12.1.3

Hello, After recently upgrading the lab machine from 12.1.1 to 12.1.3, I have discovered that the following iRule which I have been using to determine if Client SNI and Server SNI match doesn't wor...

Employee

Nov 29, 2018

Interestingly, I believe the behavior of this iRule changed between 12.1.1 and 12.1.3. I just tested on a 13.0 box and it's the same as what you're seeing on 12.1.3.

Basically, in 12.1.1, SSL::sni reads the Server Name attribute in the client SSL profile, and if that's empty, reads the CN of the certificate applied to the client SSL profile.

In 12.1.3 and beyond, SSL::sni only reads the Server Name field value. So in your case, you'd simply need to add the Server Name string to each client SSL profile that matches the corresponding cert's CN or SAN value.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSL::sni name not returning value after update to 12.1.3

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

SSL Orchestrator Use Case: Inbound SNI Switching

SSL Orchestrator Use Case: Inbound SNI Switching with version 9.1

Re: F5 HTTPS Redirect iRule Update

November Security Research Update: Newly Released Attack Signatures

The return of DevCentral CodeShare.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS