cancel
Showing results for 
Search instead for 
Did you mean: 

During which event is SNI evaluated?

jwlarger
Cirrus
Cirrus

Where in the event flow is SNI evaluated? And would it interfere with an iRule that fired on the same event?

 

i.e.

CLIENT_ACCEPTED

CLIENTSSL_HANDSHAKE

CLIENTSSL_CLIENTCERT

CLIENTSSL_CLIENTHELLO

HTTP_REQUEST

3 REPLIES 3

Hi ,

 

the earliest event you can evaluate the SNI is CLIENTSSL_CLIENTHELLO. Please see this diagram at packetpushers: https://packetpushers.net/f5-networks-irule-event-order-https/

It describes the order of iRule events in a HTTPS connection.

 

How will it interfere when there is an iRule that uses the same event?

Read this devcentral article: https://devcentral.f5.com/s/articles/getting-started-with-irules-events-priorities-20402, pay attention to the section headlined "What happens if I have the same event in multiple iRules on a virtual server?".

 

KR

Daniel

 

jwlarger
Cirrus
Cirrus

Forget about iRules - bit of a red herring. I am familiar with the event order charts and event priorities. None of them include info about SNI.

 

What I want to know is: during which event, during the normal, default course of events. without an iRule involved, is SNI evaluated and matched?

You listed five iRule events as examples and you asked if it could interfere with iRules. Hence my assumption was, you are asking for an iRule event.

 

RFC 6066: In order to provide any of the server names, clients MAY include an extension of type "server_name" in the (extended) client hello.

Is this the kind of event you are looking for? Or what do you understand as "default course of events"?