dragonflymr
Cirrostratus
CirrostratusHi,
Thanks a lot for answers. I was rather thinking about scenario when VS has:
- Multiple client ssl profiles attached (ClientHello SNI matching)
- No Server SSL profile (SSL offload or SSL pass through only)
not about selecting client ssl profile via Local Traffic Policy (LTP). Then logic like in Stanislas iRule used:
- For given SNIs do SSL offload (so enable client ssl after it was disabled at the beginning of CLIENT_ACCEPTED)
- For given SNIs do SSL pass through (client ssl not enabled)
but it is not possible with LTP (at least I can't see how) because Action: Disable client ssl blocks condition SSL Extension - what is quite logic.
So indeed your solution with pool or vs forwarding is only solution. In the end it's simpler and more elegant so thanks again for sharing.
What I miss regarding LTP is lack of in depth description of all elements and how they interact with each other and how choice of given condition or action relates to necessary profiles. Sure it can be figured out (sometimes with lab tests) but it takes time :-(
Piotr