Bug ID 653495: Incorrect SNI hostname attached to serverside connections

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
13.0.0

Fixed In:
13.1.0, 13.0.1

Opened: Mar 24, 2017

Severity: 2-Critical

Related Article: K05411532

Symptoms

SNI hostname submitted to a virtual server on the client side is sent to server side, even if there is a different hostname specified in the server SSL profile.

Impact

SNI is sent from client to server without stripping or rewriting the SNI.

Conditions

-- Client side ClientHello contains SNI.

Workaround

None.

Fix Information

SNI hostname submitted to a virtual server on the client side is no longer sent to server side unless specifically requested (for example when forward proxy is enabled). When there is a different hostname specified in the server SSL profile the SNI is also rewritten to the specified hostname.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips