SSL::profile
Description
This command allows you to switch between SSL profiles (both client
and server). Note: If this is done after SSL negotiation, your iRule
must use SSL::renegotiate.
Switching an SSL profile requires that the virtual server have one
assigned to it to begin with. This applies to both client- and
server-SSL profiles. You can also use
SSL::disable to use SSL selectively.
Warning
Deprecated in BIG-IP Next v20.0.1
Warning: If you choose an SSL profile with a different
key/cert/chain/ca-file from the SSL profile configured under the VS,
the cert/key/ca-file must be reloaded, which is very time consuming
(about half a second), degrading the SSL TPS performance drastically.
Examples
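# Pick the client-SSL profile by client address before the handshake.
# $specific_ip is assumed to be set elsewhere in the iRule.
when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] eq $specific_ip ]} {
        SSL::profile host1_profile
    } else {
        SSL::profile ssl_profile2
    }
}

# Force a new handshake once the connection is already negotiated.
when HTTP_REQUEST {
    SSL::renegotiate
}

# Use a server-SSL profile only when the selected pool member listens on 443.
when SERVER_CONNECTED {
    if {[LB::server port] == 443 } {
        SSL::profile serverssl_profile
    } else {
        SSL::disable
    }
}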
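
The note in the description about switching after SSL negotiation, shown as an added example (not part of the original F5 page): the client-SSL profile is switched for one URI prefix and the connection is renegotiated once, which also limits the reload cost the warning describes. The profile name clientssl_require_cert, the /admin prefix and the tls_state variable are hypothetical, and the virtual server is assumed to already have a client-SSL profile assigned.

```tcl
when CLIENT_ACCEPTED {
    # Connection-scoped state: initial -> pending -> done.
    set tls_state "initial"
}

when HTTP_REQUEST {
    # Switch at most once per connection, and only for the protected prefix.
    if { $tls_state eq "initial" && [HTTP::uri] starts_with "/admin" } {
        # Hold the request until the new handshake has completed.
        HTTP::collect
        # Hypothetical profile: a client-SSL profile that requires a client certificate.
        SSL::profile clientssl_require_cert
        # The first handshake is already done, so the switch only takes
        # effect after a renegotiation.
        SSL::renegotiate
        set tls_state "pending"
    }
}

when CLIENTSSL_HANDSHAKE {
    # Also fires for the first handshake, where tls_state is still "initial".
    if { $tls_state eq "pending" } {
        set tls_state "done"
        log local0. "client [IP::client_addr] renegotiated, cert count [SSL::cert count]"
        # Let the held request continue to the pool.
        HTTP::release
    }
}
```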