TLS server_name extension based routing without clientssl profile
Problem this snippet solves: Some configurations require not decrypting SSL traffic on F5 appliances while still selecting a pool based on the HTTP Host header.
I found a useful irule and this code keeps the struct...
Updated Jun 06, 2023
Version 2.0
Stanislas_Piro2
Stanislas_Piro2
Oct 04, 2018
If the virtual server doesn't have a clientssl profile, assigning an iRule with the SSL::disable command is not possible.
To allow this command to be used only if a clientssl profile is assigned, I set a variable with the command and evaluate the command:
if { [PROFILE::exists clientssl] } {
    # We have a clientssl profile attached to this VIP but we need
    # to find an SNI record in the client handshake. To do so, we'll
    # disable SSL processing and collect the initial TCP payload.
    set ssldisable "SSL::disable"
    set sslenable "SSL::enable"
    eval $ssldisable
}
[PROFILE::exists clientssl] is true only if the virtual server has a clientssl profile assigned.