Miyuko
December 24, 2024, 4:25am
1
We are replacing the F5 load balancer. Could you please let me know how to implement this iRule using aflex or other methods?
he client request SSL packet header does not contain SNI, and it needs to be extracted from the Host field of the HTTP packet header.
F5 irules:
when HTTP_REQUEST {set sni_value [getfield [HTTP::host] “:” 1]}when SERVERSSL_CLIENTHELLO_SEND {SSL::extensions insert [binary format SSScSa* 0 [expr { [set sni_length [string length $sni_value]] + 5 }] [expr { $sni_length + 3 }] 0 $sni_length $sni_value]}
How to inject Server Name Extension (SNI) on server-side based on HTTP Host by Aflex?
Miyuko
March 6, 2025, 3:20pm
2
I try to use-client-sni ,but it doesn’t work on https port.
maybe SSL::payload can help? Anybody help me,please.??
mdunn
March 6, 2025, 10:14pm
3
The intended function of “use-client-sni” is to copy the SNI from the client side client hello to the server side client hello. Unfortunately, if the SNI is already missing from the client, we cannot copy it to the server.
I have not found a native configuration to support this use-case. In Aflex, I do not see a function for SSL::extensions insert…
Miyuko
March 10, 2025, 6:24am
4
Do existing APIs provide methods to handle this situation?
and if multiple **Certificates **can support this use-case?
mdunn
March 10, 2025, 5:05pm
5
APIs will not offer additional configuration options beyond the CLI and GUI. We still have the same challenge.
Can you explain the multiple certificate use-case? How do multiple certificates interact with the client SNI?
Miyuko
March 11, 2025, 9:27am
6
if i can use aflex to change the value of “server name” of the serverssltemplate
