Forum Discussion
Cory_50405
Jun 10, 2014Noctilucent
You can actually specify multiple client SSL profiles (hence multiple certificates) on one virtual server based on TLS SNI. This may be of use to you.
http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13452.html
- Jun 10, 2014Thanks Cory! That was new to me and looks really promising. If his clients supports TLS that's an eligible option. Hope F5 gets native support for it later. /Patrik
- ArieJun 10, 2014AltostratusThe demise of Windows XP finally made this option truly available, as it was just about the only OS (i.e. all versions of IE on XP) that isn't compatible with SNI. Of course this limitation still applies if a significant portion of a site's visitors are using XP. Many governments are paying Microsoft for extended support since they're still using XP.
- Jun 10, 2014I made a study of our user base and close to 10% of them uses SSLv3. Agent strings suggests the culprits to be Xp, MacOs and Linux. I never imagined it to be that high.