SNI Routing with BIG-IP
Hi,
I tried this configuration and it works like a charm!
Do you know the minimum TMOS version required to do such a configuration?
I also tried to look at the fingerprinting iRule as you suggested, but the database is not yet updated and both my Chrome and Firefox use ciphers not listed at all in the JSON file (0x1301, 0x1302 and 0x1303).
This TLS routing feature is really useful for customers without enough available IP addresses and requiring different services behavior.
When working with APM, rewriting iRules, or more complex solutions splitting services on multiple virtual servers, this can solve several issues.
Another use case is when a customer protects all services in Azure (or another cloud). Only one public IP address is assigned to the BIG-IP VE. In this case, this solution can make the configuration simpler!
I read the TLS 1.3 draft and I didn't see any reference to the server name extension being obscured, but this server name extension is required for 0-RTT. I still think such a solution will be compatible with TLS 1.3.