SSL::profile

Description

This command switches the SSL profile used on a connection. It works for both client and server SSL profiles. Note: If the switch is made after SSL negotiation, your iRule must use SSL::renegotiate.
Switching an SSL profile requires that the virtual server already has one assigned to it. This applies to both client and server SSL profiles. You can also use SSL::disable to apply SSL selectively.
Warning: If you choose an SSL profile whose key/cert/chain/ca-file differs from the SSL profile configured on the virtual server, the cert/key/ca-file must be reloaded. This is very time consuming (about half a second) and drastically degrades SSL TPS performance.

Syntax

SSL::profile <profile_name>

  • Switch to the defined SSL profile.

Examples

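when CLIENT_ACCEPTED {
  # Choose the client SSL profile before the handshake starts.
  # $specific_ip must be set elsewhere in the iRule.
  if { [IP::addr [IP::client_addr] equals $specific_ip] } {
    SSL::profile host1_profile
  } else {
    SSL::profile ssl_profile2
  }
}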

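when HTTP_REQUEST {
  # The client-side handshake has already completed by this event.
  SSL::renegotiate
}

when SERVER_CONNECTED {
  # Use server-side SSL only when the selected pool member listens on 443.
  if { [LB::server port] == 443 } {
    SSL::profile serverssl_profile
  } else {
    SSL::disable
  }
}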
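
The note about switching after SSL negotiation, shown as an added example (not taken from the original page or from F5's documentation): the client SSL profile is switched once per connection when a protected path is first requested, and the request is held until the renegotiated handshake completes. The URI prefix /admin, the profile name clientssl_admin and the variable profile_switched are assumed placeholders.

```tcl
when CLIENT_ACCEPTED {
  # Per-connection flag so the profile switch and renegotiation happen only once.
  set profile_switched 0
}

when HTTP_REQUEST {
  # "/admin" and clientssl_admin are placeholder names for this example.
  if { !$profile_switched && [HTTP::uri] starts_with "/admin" } {
    set profile_switched 1
    # Hold the request so it is not forwarded before the new handshake finishes.
    HTTP::collect
    # The initial handshake is already done, so the switch must be
    # followed by a renegotiation to take effect.
    SSL::profile clientssl_admin
    SSL::renegotiate
  }
}

when CLIENTSSL_HANDSHAKE {
  # Fires after the initial handshake and again after the renegotiation.
  # Release the held request only once the switch has been made.
  if { $profile_switched } {
    HTTP::release
  }
}
```

TLS 1.3 removed renegotiation, so this pattern relies on the client connection using TLS 1.2 or earlier.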