TLS Server Name Indication

Problem this snippet solves: Extensions to TLS encryption protocols after TLS v1.0 have added support for passing the desired servername as part of the initial encryption negotiation. This functiona...
Published Mar 18, 2015
Version 1.0
application delivery
devops
iRules
security
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Feb 15, 2018

@chad, I tried my own code SNI based Pool selection without clientssl profile with firefox configured with TLS 1.3 support (draft 18).

 

The CLIENT_HELLO had following values (seen with wireshark):

 

  • TLS record value : TLS 1.0
  • TLS Handshake version : TLS 1.2
  • supported versions extension:
    • TLS 1.3 (draft 18) 0x7f12
    • TLS 1.2 0x0303
    • TLS 1.1 0x0302
    • TLS 1.0 0x0301
  • server name : requested site

the code extracted the server name value like in TLS 1.2 CLIENT_HELLO.