Bug ID 653495: Incorrect SNI hostname attached to serverside connections

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
13.0.0

Fixed In:
13.1.0, 13.0.1

Opened: Mar 24, 2017
Severity: 2-Critical
Related AskF5 Article:
K05411532

Symptoms

SNI hostname submitted to a virtual server on the client side is sent to server side, even if there is a different hostname specified in the server SSL profile.

Impact

SNI is sent from client to server without stripping or rewriting the SNI.

Conditions

-- Client side ClientHello contains SNI.

Workaround

None.

Fix Information

SNI hostname submitted to a virtual server on the client side is no longer sent to server side unless specifically requested (for example when forward proxy is enabled). When there is a different hostname specified in the server SSL profile the SNI is also rewritten to the specified hostname.

Behavior Change