Forum Discussion
Paulius
Apr 13, 2023MVP
DJ2 I think the easiest option here is if the clients can use SNI, you would then configure two different SSL certs that have different FQDNs associated to them you can split it that way because you can associate different SSL ciphers to the two individual SSL client profiles. I don't believe you can do this without SNI because the F5 is not able to see the host header until after the SSL handshake process completes which is after the cipher suite is selected. With SNI the FQDN that is being used from the client side is sent in the initial request so you can select the appropriate SSL client profile which will have the associated SSL ciphers and TLS that you would like for that group of names.