Forum Discussion

Nimbostratus

Feb 17, 2016

AWS Cloud HSM with TLS SNI feature - multiple HTTPs on one IP

Hi Guys, We are implementing F5 LTM VEs v11.6 and v12.0 in AWS, and we are going to use CloudHSM for our key management. We also have a requirement to terminate multiple HTTPS sites on one ...

MVP

Feb 18, 2016

Hi Ebathaei,

when dealing with SNI to host multiple sites on a single IP address, then you have basically the following 3 different options at your fingertips...

Terminate the TLS-Connetions (aka. SSL inspect) on your F5 and let the F5 automatically select the right SSL certificate.
Layer4 forward the TLS-Connection (aka. don't SSL inspection) directly to your backend and let the backend handle the SNI based SSL certificate selection.
Layer4 inspect the initial START_TLS message on your F5 and then dynamically forward the connection to different internal non-SNI aware IP:Port combinations.

So either use 2.) if your HSM supports SNI, or use 3.) if your HSM don't support SNI.

Cheers, Kai

Forum Discussion

AWS Cloud HSM with TLS SNI feature - multiple HTTPs on one IP

Recent Discussions

BWC iRule

Citrix XenServer Big-IP Upgrade help

iRule condition - request contains more than 10000 parameters

Hi All, We have viprion 4300 with 4450 blades with 6 blades all blades having same configuration

Can iRule be used to perform exception of IPI category based on Geolocation

Related Content

Introducing Secure MCN features on F5 Distributed Cloud

F5 Distributed Cloud – Multiple custom certificates for HTTP/TCP LB

Insights of F5 Distributed Cloud WAAP Events Export, New Operators and Trends features

Multiple Kubernetes Clusters and Path-Based Routing with F5 Distributed Cloud

Introduction to F5 Distributed Cloud Console Rate Limiting Feature