Forum Discussion

Nimbostratus

Mar 28, 2011

TLS Server Name Indication iRule

http://devcentral.f5.com/wiki/default.aspx/iRules/TLS_ServerNameIndication.html I posted the iRule above for discussion purposes. It decodes the TLS SNI extension field in an SSL/TLS negot...

Employee

Sep 07, 2018

The server SSL profile has a "Server Name" property that will insert an SNI value.

But if you need this to be dynamic, the following will do what you need:

when SERVERSSL_CLIENTHELLO_SEND {
    if { [info exists servername] } {
        set bin [binary format S1S1S1S1ca* 0 [expr [string length ${servername}] + 5] [expr [string length ${servername}] + 3] 0 [string length ${servername}] ${servername}]   
        SSL::extensions insert $bin
    }
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

TLS Server Name Indication iRule

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

SSL Bridging and FQDN rewrite Policy

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

Could not communicate with the system. Try to reload page.

F5 BIG IP laboratory license

F5 mssql health monitor failing

Related Content

SSL Profiles Part 7: Server Name Indication

TLS Server Name Indication

Lightboard Lessons: TLS Server Name Indication

Multiple Certs, One VIP: TLS Server Name Indication via iRules

Server Name Indication (SNI) based RDP Proxy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS