Forum Discussion

Joel_Moses's avatar
Icon for Nimbostratus rankNimbostratus
Mar 28, 2011

TLS Server Name Indication iRule



I posted the iRule above for discussion purposes. It decodes the TLS SNI extension field in an SSL/TLS negotiation and then attempts to dynamically switch the ClientSSL profile based on what it sees in this field. Essentially, this will allow you to use multiple certificates with a single VIP, dynamically switching them when the browser client changes the host it's requesting.



I'm intending to add support for changing pools as well -- that means that it's possible to support multiple certificates and multiple pools via a single VIP behind TLS encryption. But I thought I'd get this earlier proof of concept out there so people can see it and discuss it.





24 Replies