Technical Forum

Log Serverside SNI Value

AdirZe
Altocumulus

Hi Everyone,

I would appreciate your help with a basic requirement I have. I want to log the server-side (F5 -> pool member) SNI value.

I'm familiar with this command:

"binary scan [SSL::extensions -type 0] {@9A*} cs_sni_name", which does work for the ClientSSL SNI but not for the ServerSSL SNI. I tried using it in the following server-side events:

SERVERSSL_HANDSHAKE

SERVERSSL_CLIENTHELLO_SEND

Thanks so much for your attention :),

Adir  


2 REPLIES

Paulius
MVP

@AdirZe The following should be what you're looking for, but from my understanding the F5 will not send an SNI name unless you explicitly configure it in the SSL server profile, so you should already know what the name is, unless of course you are configuring SSL passthrough, in which case the F5 will send whatever the client has sent it.

when SERVERSSL_CLIENTHELLO_SEND priority 500 {
    # SSL::extensions -type 0 returns the raw server_name extension: 2-byte type,
    # 2-byte length, then the ServerNameList body.
    # @9 skips type(2) + length(2) + list length(2) + name type(1) + name length(2)
    # and A* reads the remaining bytes as the ASCII hostname.
    binary scan [SSL::extensions -type 0] {@9A*} sni_name
    log local0. "sni name: ${sni_name}"
}
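To see why the `@9` offset in the `binary scan` above is correct, and what the `SSL::extensions exists` check is guarding against, here is a small Python parser for the server_name extension of a TLS ClientHello. This is an added example, not code from the thread or from F5; the ClientHello bytes are constructed inline for the example, and the function names (`build_client_hello`, `client_hello_extensions`, `sni_quick`, `sni_parse`, `log_sni`) are this example's own. The dictionary returned by `client_hello_extensions` keeps the 4-byte type/length header on each extension, which is the same shape of data the iRule gets back from `SSL::extensions -type 0`.

```python
"""Parse the TLS server_name (SNI, extension type 0) extension from a ClientHello.

Added example for the thread above, not F5 code. It shows where the 9-byte offset
in `binary scan ... {@9A*}` comes from and handles the "extension absent" case that
the `SSL::extensions exists -type 0` check covers. Input bytes are constructed here.
"""
import struct


def build_client_hello(sni=None):
    """Construct a minimal TLS 1.2 ClientHello handshake message (no record layer).
    With sni=None the server_name extension is omitted, mimicking a client (or a
    server SSL profile) that sends no SNI at all. All field values are constructed."""
    body = b"\x03\x03" + bytes(32)       # client_version + 32-byte random (zeros)
    body += b"\x00"                      # session_id length 0
    body += b"\x00\x02\xc0\x2f"          # cipher_suites: one suite
    body += b"\x01\x00"                  # compression_methods: null only
    exts = struct.pack("!HH", 0x000A, 4) + struct.pack("!HH", 2, 0x001D)  # supported_groups
    if sni is not None:
        name = sni.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type host_name(0), length, name
        lst = struct.pack("!H", len(entry)) + entry             # ServerNameList length + entries
        exts += struct.pack("!HH", 0, len(lst)) + lst           # extension type 0, length, body
    body += struct.pack("!H", len(exts)) + exts
    return b"\x01" + struct.pack("!I", len(body))[1:] + body    # handshake type 1, 3-byte length


def client_hello_extensions(msg):
    """Walk a ClientHello and return {ext_type: raw_extension_bytes}. The raw bytes
    include the 2-byte type and 2-byte length, matching what SSL::extensions -type <n>
    hands back on a BIG-IP."""
    if not msg or msg[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    off = 4 + 2 + 32                                   # header, version, random
    sid_len = msg[off]; off += 1 + sid_len             # session_id
    cs_len = struct.unpack("!H", msg[off:off + 2])[0]; off += 2 + cs_len   # cipher_suites
    cm_len = msg[off]; off += 1 + cm_len               # compression_methods
    if off >= len(msg):
        return {}                                      # no extensions block at all
    ext_len = struct.unpack("!H", msg[off:off + 2])[0]; off += 2
    end = off + ext_len
    exts = {}
    while off + 4 <= end:
        etype, elen = struct.unpack("!HH", msg[off:off + 4])
        exts[etype] = msg[off:off + 4 + elen]
        off += 4 + elen
    return exts


def sni_quick(raw_ext):
    """Python equivalent of the iRule's `binary scan $ext {@9A*} sni`: skip 9 bytes,
    read the rest as ASCII. Correct only for the usual single-hostname list."""
    return raw_ext[9:].decode("ascii")


def sni_parse(raw_ext):
    """Proper parse of the server_name extension; returns the first host_name entry
    or None. Layout before the name: type(2) length(2) list_length(2) name_type(1)
    name_length(2) = 9 bytes, which is exactly the @9 offset."""
    etype, elen = struct.unpack("!HH", raw_ext[:4])
    if etype != 0 or len(raw_ext) != 4 + elen:
        return None
    list_len = struct.unpack("!H", raw_ext[4:6])[0]
    off = 6
    while off + 3 <= 6 + list_len:
        name_type = raw_ext[off]
        name_len = struct.unpack("!H", raw_ext[off + 1:off + 3])[0]
        name = raw_ext[off + 3:off + 3 + name_len]
        if name_type == 0:
            return name.decode("ascii")
        off += 3 + name_len
    return None


def log_sni(msg):
    """Mirror of the guarded iRule: only scan the extension if it exists."""
    exts = client_hello_extensions(msg)
    if 0 not in exts:          # SSL::extensions exists -type 0 would be false here
        return None
    return sni_parse(exts[0])


if __name__ == "__main__":
    hello = build_client_hello("www.example.com")
    raw = client_hello_extensions(hello)[0]
    print("quick @9 scan:", sni_quick(raw))
    print("full parse   :", log_sni(hello))
    print("no SNI sent  :", log_sni(build_client_hello(None)))
```

Run it as-is and the constructed ClientHello yields `www.example.com` from both the 9-byte skip and the full parse, while the ClientHello built without the extension returns None, which is the situation the `sni_exists` guard in the follow-up post reports. If a hostname is not found in `SERVERSSL_CLIENTHELLO_SEND` even though the server SSL profile has an SNI configured, the first thing to confirm is that the ClientHello the BIG-IP actually emits carries a type-0 extension at all; a packet capture on the server-side VLAN decoded as TLS shows that directly.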


Thank you, I understand. I actually tried it; it looks like it doesn't find the SNI value even though there is a Server SSL profile with an SNI value attached.

The "sni_exists" if condition is false.

when SERVERSSL_CLIENTHELLO_SEND priority 500 {
    # Only scan the extension if the outgoing ClientHello actually carries one.
    set sni_exists [SSL::extensions exists -type 0]
    if { $sni_exists } {
        binary scan [SSL::extensions -type 0] {@9A*} sni_name
        log local0. "sni name: ${sni_name}"
    }
}