Last Modified: May 29, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
13.0.0
Fixed In:
13.1.0, 13.0.1
Opened: Mar 24, 2017 Severity: 2-Critical Related Article:
K05411532
SNI hostname submitted to a virtual server on the client side is sent to server side, even if there is a different hostname specified in the server SSL profile.
SNI is sent from client to server without stripping or rewriting the SNI.
-- Client side ClientHello contains SNI.
None.
SNI hostname submitted to a virtual server on the client side is no longer sent to server side unless specifically requested (for example when forward proxy is enabled). When there is a different hostname specified in the server SSL profile the SNI is also rewritten to the specified hostname.