Help
CodeShare
Have some code. Share some code.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Client side to server side SNI relay iRule

Kai_Wilke
MVP
MVP

on ‎12-Sep-2016 04:39

Problem this snippet solves:

Hi Folks,

the iRule below can be used to relay client side provided TLS SNI extensions to the server side. The iRule is usefull if your pool servers depending on matching SNI records and you don't want to configure dedicated Server SSL Profiles for each single web application.

Cheers, Kai

How to use this snippet:

  1. Attach the iRule to the Virtual Server where you need to relay the TLS SNI expensions
  2. Make sure you've cleared the "Server Name" option in your Server_SSL_Profile

Code :

when CLIENTSSL_HANDSHAKE {
    if { [SSL::extensions exists -type 0] } then {
        set tls_sni_extension [SSL::extensions -type 0]
    } else {
        set tls_sni_extension ""
    }
}
when SERVERSSL_CLIENTHELLO_SEND {
    if { $tls_sni_extension ne "" } then {
        SSL::extensions insert $tls_sni_extension
    }
}

Tested this on version:

12.0
Labels:
0 Kudos
Version history
Last update:
‎12-Sep-2016 04:39
Updated by:
MVP
Contributors
Copyright © 2023 Khoros, LLC