Forum Discussion

Nimbostratus

Mar 28, 2011

TLS Server Name Indication iRule

http://devcentral.f5.com/wiki/default.aspx/iRules/TLS_ServerNameIndication.html I posted the iRule above for discussion purposes. It decodes the TLS SNI extension field in an SSL/TLS negot...

Nimbostratus

Mar 31, 2011

That's great! Let me know if you guys need a sounding board for this.

It occurred to me in the Advanced Design forum where I saw someone asking about a layer 2 forwarding virtual server and SSL offload -- a CLIENT_HANDSHAKE_INIT event would be an interesting place to switch clientSSL profiles _and_ pool assignments on the fly based on either SNI _or_ the destination IP address; letting you switch the SSL cert _and pool_ presented based on either item. That could be useful when inserting ASM in the route path in front of an _existing_ secure web server network.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

TLS Server Name Indication iRule

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

SSL Profiles Part 7: Server Name Indication

TLS Server Name Indication

Lightboard Lessons: TLS Server Name Indication

Multiple Certs, One VIP: TLS Server Name Indication via iRules

Server Name Indication (SNI) based RDP Proxy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS