sni-mapping
This command manages a host-to-profile map that maps the ClientHello
SNI extension to TLS server profiles in an SNI map.
Syntax
sni-mapping pattern name
no sni-mapping pattern
Parameters
- pattern
- Specifies a shell-style pattern for the hostname in the incoming
ClientHello
SNI extension. Each pattern in the SNI map must be unique. - name
- Specifies the TLS server profile to use when the hostname matches the pattern.
Guidelines
The sni-mapping command manages a host-to-profile map that maps the
ClientHello
SNI extension to TLS server profiles in an SNI map.
Each TLS SNI server profile requires an SNI map. When the hostname in the
ClientHello
SNI extension matches a pattern, the profile routes inbound traffic to
the appropriate TLS server profile. The TLS server profile defines the actual key material and TLS
protocol parameters.
When the client sends a ClientHello
SNI extension and it does not match an entry
in the SNI map, the request is rejected. When rejection is not the behavior you want, define a
hostname map with the *
pattern.
To delete an entry in the map, use the no sni-mapping command.