Inspect SSL SNI but don't do SSL offloading?

Hi,

Is it possible for a VS to use an iRule to parse the SNI extension from the SSL ClientHello packet from the client, use it for some logic (like where to go, etc.), but do NOT actually perform SSL offloading? I.e. pass through the packets to the actual server to do the SSL handshake as if it was just a TCP VS setup with no SSL profile attached?

All the stuff I have seen indicates that I'll need an SSL profile to get the CLIENTHELLO event or to use the SSL::sni construct. I also saw an iRule posted that manually deciphers the SNI hostname (https://devcentral.f5.com/codeshare?sid=717) but it is still in the context of doing SSL offloading.

Thanks!

Wilson

0

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

Look at this code

0
Comments on this Answer
Comment made 07-May-2018 by wilcdr 126

Oh, this is awesome! Pretty close to exactly what I was looking for!

Thanks!

Wilson

0
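The parsing that the question asks about, as an added example (not code from this thread or from the linked codeshare entry): a Python sketch of the byte-level walk through a raw ClientHello that a pass-through TCP virtual server would apply to the first collected payload, with no TLS termination. The pool names, host names and the sample ClientHello are constructed for illustration.

```python
import struct
from typing import Optional

POOLS = {"app.example.com": "pool_app", "api.example.com": "pool_api"}  # hypothetical

def extract_sni(data: bytes) -> Optional[str]:
    """Return the SNI host name from a raw TLS ClientHello, or None."""
    try:
        # Record header: type 0x16 (handshake); handshake type 0x01 (ClientHello)
        if data[0] != 0x16 or data[5] != 0x01:
            return None
        pos = 5 + 4                                  # record + handshake headers
        pos += 2 + 32                                # client_version + random
        pos += 1 + data[pos]                         # session_id
        (n,) = struct.unpack_from("!H", data, pos)   # cipher_suites length
        pos += 2 + n
        pos += 1 + data[pos]                         # compression_methods
        (ext_total,) = struct.unpack_from("!H", data, pos)
        pos += 2
        end = min(pos + ext_total, len(data))
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", data, pos)
            pos += 4
            if ext_type == 0:                        # server_name extension
                # skip list length (2), then name_type (1) and name length (2)
                name_type, name_len = struct.unpack_from("!xxBH", data, pos)
                name = data[pos + 5 : pos + 5 + name_len]
                if name_type != 0 or len(name) != name_len:
                    return None                      # not host_name, or truncated
                return name.decode("ascii").lower()
            pos += ext_len
        return None                                  # ClientHello without SNI
    except (IndexError, struct.error, UnicodeDecodeError):
        return None                                  # truncated or not TLS at all

def pick_pool(payload: bytes, default: str = "pool_default") -> str:
    # Routing decision only; the payload is forwarded untouched afterwards.
    return POOLS.get(extract_sni(payload) or "", default)

def build_client_hello(host: str) -> bytes:
    """Constructed sample input: a minimal TLS 1.2 ClientHello carrying SNI."""
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0xFF01, 1) + b"\x00"           # renegotiation_info
    exts += struct.pack("!HH", 0, len(sni)) + sni            # server_name
    body = b"\x03\x03" + bytes(32) + b"\x00"                 # version, random, no session_id
    body += b"\x00\x02\x00\x2f\x01\x00"                      # one cipher suite, null compression
    body += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

The SNI value is sent in cleartext and is chosen by the client, so it is suitable for routing but not as an authorization input; a ClientHello split across TCP segments returns `None` here until enough bytes have been collected.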