CirrostratusHi,
As usual very good article! I wonder if this is better (at least performance wise) to use vip targeting that VS with client/server ssl profile and iRule for disabling and enabling client ssl and server ssl profiles based on some conditions.
As far as I tested doing so via policy is not possible so in this case vip targeting seems to be only option.
I wonder as well why at least ssl persistence profile is needed on VS - is this profile necessary for enabling SSL handshake related events? How having ssl persistence can influence traffic distribution if pool is selected instead of vs. I guess in case vs is selected there is none but if pool will persistence will kick in - I mean SSL sessions with same ID will be send to pool member with existing persistence record?
Sometimes it could be unwanted behavior.
Piotr