TLS server_name extension based routing without clientssl profile
Updated Jun 06, 2023
Version 2.0Was this article helpful?
If virtual server doesn't have a clientssl profile, assigning an irule with SSL::disable command is not possible.
to allow to use this command only if clientssl profile is assigned, i set a variable with the command and evaluate the command
if { [PROFILE::exists clientssl] } {
We have a clientssl profile attached to this VIP but we need
to find an SNI record in the client handshake. To do so, we'll
disable SSL processing and collect the initial TCP payload.
set ssldisable "SSL::disable"
set sslenable "SSL::enable"
eval $ssldisable
}
[PROFILE::exists clientssl]
is true only if the virtual server have a clientssl profile assigned.