TLS server_name extension based routing without clientssl profile

Problem this snippet solves: Some configuration requires to not decrypt SSL traffic on F5 appliances to select pool based on HTTP Host header. I found a useful irule and this code keeps the struct...

Updated Jun 06, 2023

Version 2.0

binary

sni

sni without clientssl profile

ssl

TMOS

Stanislas_Piro2

Cumulonimbus

Joined January 04, 2011

View Profile

Stanislas_Piro2

Cumulonimbus

Feb 13, 2018

@Mel : your issue is not a collect size issue but a non tls packet deciding issue

The returned value of binary command is -28159 which is not a valid tls version yet (a signed to unsigned convertion may be done)

Then after this decoding, the value is checked within switch command which handle any value starting with dash as a parameter : -28159 is not a valid parameter.

You can replace the switch command with

switch —- $tls_version

Or use this code which does not the same test.

TLS server_name extension based routing without clientssl profile

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS