How to inject Server Name Extension (SNI) on server-side based on HTTP Host

MiyukoMiyuko Member

We are replacing the F5 load balancer. Could you please let me know how to implement this iRule using aflex or other methods?

he client request SSL packet header does not contain SNI, and it needs to be extracted from the Host field of the HTTP packet header.

F5 irules:

when HTTP_REQUEST {
set sni_value [getfield [HTTP::host] ":" 1]
}
when SERVERSSL_CLIENTHELLO_SEND {
SSL::extensions insert [binary format SSScSa* 0 [expr { [set sni_length [string length $sni_value]] + 5 }] [expr { $sni_length + 3 }] 0 $sni_length $sni_value]
}

How to inject Server Name Extension (SNI) on server-side based on HTTP Host by Aflex?

Sign In or Register to comment.