Forum Discussion

Nimbostratus

Jun 17, 2005

SSL client profile based on hostname

Is there anyway to select or change the SSL client profile based on hostname?

If is easy to find the hostname in an HTTP_REQUEST but then how could you set the SSL client profile? I am trying to have one VIP for multiple SSL sites each with different SSL certificates for each.

Thanks in advance.

21 Replies

Gauthier_Delac1
Nimbostratus
Sep 28, 2011
Hi,

It's not easy because user agent header is sent after SSL handshake (even with SNI).

But in this iRule (http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1086451/Multiple-Certs-One-VIP-TLS-Server-Name-Indication-via-iRules.aspx), you can use detect_handshake variable to know if SNI has been used.

Then depending on what you call "kick", you can use this variable in any other event to handle unsupported clients the way you want.

Forum Discussion

SSL client profile based on hostname

21 Replies

Recent Discussions

Troubleshooting Bandwidth Limit Exceedance in Outlook Client Despite BWC Policy

F5 VPN client + Endpoint Inspection

Who is the good technical book publisher for first time author?

failed: Cannot contact any KDC for realm

F5OS API is config save/commit needed?

Related Content

SSL Profiles Part 8: Client Authentication

Client SSL Profile

Client vs Server SSL profile

Fingerprinting TLS Clients with JA4 on F5 BIG-IP

SSL Profiles