SSL::profile on SERVER_CONNECTED does not "find" SSL profile

Question

I'm having a problem with SSL::profile in SERVER_CONNECTED for an SSL server profile.

The iRule sets a server profile from a class match and data group list.

set server_profile [class lookup $KEY SERVER_DG]

SSL::profile $server_profile

Error in the log:

<SERVER_CONNECTED> - Not found (line 1) (line 1) invoked from within "SSL::profile $server_profile"

When i hard-code the SSL profile in the command, it works:

SSL::profile /Common/server_profile

However, anything else does not find the profile and it does not work, with the error above. Just using the profile name without /Common, does not work either.

I found a fix for the client profile which was similar.

The equivalent config for an SSL client profile works fine in CLIENT_ACCEPTED. The link below details the fix and work around for the problem on the client side.

set client_profile [class lookup [IP::client_addr] test_dg]

SSL::profile $client_profile

https://support.f5.com/csp/article/K13939

Has anyone experienced similar problems on the serverside with SSL::profile and do you know of a workaround for putting a variable instead of a hard-coded variable name? Any help would be much appreciated.

jg · Answer

Try:log local0. "Profile selected: $server_profile"after the lookup to make sure you have the right profile selected.

f5-hopeful · Answer

Thank you for your suggestion JG, I will do this to check that I am selected the profile I think I'm selecting.

Forum Discussion

SSL::profile on SERVER_CONNECTED does not "find" SSL profile

2 Replies

Recent Discussions

How to target only webview rendering with CSS?

ltm policy asm_auto_l7_policy

MAC address not showing up in LLDP packet

F5Access | MacOS Sonoma

Active- Active HA setup

Related Content

SSL Profiles

SSL Profiles Part 6: SSL Renegotiation

Modify SSL profiles via REST API

SSL Profiles Part 5: SSL Options

SSL Profiles Part 8: Client Authentication