sni-mapping

This command manages a host-to-profile map that maps the ClientHello SNI extension to TLS server profiles in an SNI map.

Syntax

sni-mapping pattern name

no sni-mapping pattern

Parameters

pattern
Specifies a shell-style pattern for the hostname in the incoming ClientHello SNI extension. Each pattern in the SNI map must be unique.
name
Specifies the TLS server profile to use when the hostname matches the pattern.

Guidelines

The sni-mapping command manages a host-to-profile map that maps the ClientHello SNI extension to TLS server profiles in an SNI map.

Each TLS SNI server profile requires an SNI map. When the hostname in the ClientHello SNI extension matches a pattern, the profile routes inbound traffic to the appropriate TLS server profile. The TLS server profile defines the actual key material and TLS protocol parameters.

Tip:

When the client sends a ClientHello SNI extension and it does not match an entry in the SNI map, the request is rejected. When rejection is not the behavior you want, define a hostname map with the * pattern.

To delete an entry in the map, use the no sni-mapping command.