I have a related issue I am trying to solve. I have an external server that I need to set SNI on the way out as the remote server needs SNI.
The data flow is a server behind the BigIP sends data in clear text to a BigIP VS, the connection then use a Server SSL profile to enable TLS1.2.
I would like to populate the server name extension in an iRule attached to this VS. I found some code under SSL::extensions. I am not clear how I would adapt this to insert an SNI. From the text of the above iRule, it looks like the type is 0.
Can anyone suggest how I can insert an SNI into the CLIENT_HELLO the BigIP will send?
when SERVERSSL_CLIENTHELLO_SEND {
set my_ext "Hello world!"
set my_ext_type 62965
SSL::extensions insert [binary format S1S1a* $my_ext_type [string length $my_ext] $my_ext]
}
Thanks - Tom