[stunnel-users] SNI with protocol=proxy ?
Michal Trojnara
Michal.Trojnara at mirt.net
Thu Mar 29 18:16:15 CEST 2012
Marek Majkowski wrote:
>> Also "proxy" protocol is implemented before SSL protocol
>> negotiation.
>> The option should be supplied in the master (accepting) service.
>
> Good to know. Even better if that was documented somewhere :)
It would be better indeed, although hardly feasible in practice, to
document all corner cases of interaction between stunnel options. Feel
free to contribute documentation.
> 2012.03.29 15:00:54 LOG6[21966:3076373360]: Server-mode proxy protocol negotiations started
> 2012.03.29 15:00:54 LOG7[21966:3076373360]: -> PROXY TCP4 aaa bbb 56413 443
> 2012.03.29 15:00:54 LOG6[21966:3076373360]: Server-mode proxy protocol negotiations succeeded
> 2012.03.29 15:00:54 LOG5[21966:3076373360]: SNI: switched to section https_yyy
You're right. With the current architecture of protocol negotiations,
the remote host has to be connected before SSL_accept(). As a result,
SNI is mostly ignored.
I've added this to my TODO list:
http://www.stunnel.org/?page=sdf_todo
Mike
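
What the backend has to do with the `PROXY TCP4 ...` line shown in the quoted log, as an added example that is not part of the original message or of stunnel's code: a strict parser for the PROXY protocol version 1 text header. The function name, the error class and the sample addresses are assumptions (constructed); only the two ports are taken from the log.

```python
import ipaddress

MAX_V1_HEADER = 107  # longest PROXY v1 line allowed by the spec, CRLF included

# Constructed sample: documentation addresses, ports as in the quoted log.
SAMPLE = b"PROXY TCP4 192.0.2.10 198.51.100.7 56413 443\r\nGET / HTTP/1.0\r\n\r\n"


class ProxyHeaderError(ValueError):
    """The first line is not a well-formed PROXY v1 header."""


def parse_proxy_v1(data: bytes):
    """Return (info, rest); info is None for 'PROXY UNKNOWN'."""
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if end == -1:
        raise ProxyHeaderError("no CRLF within the first 107 bytes")
    try:
        fields = data[:end].decode("ascii").split(" ")
    except UnicodeDecodeError:
        raise ProxyHeaderError("non-ASCII byte in header") from None
    rest = data[end + 2:]  # application payload after the header
    if fields[0] != "PROXY" or len(fields) < 2:
        raise ProxyHeaderError("missing PROXY signature")
    if fields[1] == "UNKNOWN":
        return None, rest  # proxy could not describe the connection
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ProxyHeaderError("bad protocol or field count")
    family = 4 if fields[1] == "TCP4" else 6
    try:
        src = ipaddress.ip_address(fields[2])
        dst = ipaddress.ip_address(fields[3])
    except ValueError:
        raise ProxyHeaderError("unparseable address") from None
    if src.version != family or dst.version != family:
        raise ProxyHeaderError("address does not match declared family")
    ports = []
    for text in fields[4:]:
        # Decimal, no leading zeros, within the 16-bit port range.
        if not text.isdigit() or str(int(text)) != text or int(text) > 65535:
            raise ProxyHeaderError("bad port")
        ports.append(int(text))
    return {"src": str(src), "dst": str(dst),
            "src_port": ports[0], "dst_port": ports[1]}, rest


if __name__ == "__main__":
    print(parse_proxy_v1(SAMPLE))
```

Apply this only to connections accepted from the stunnel host: the header is plain text, so a client that can reach the backend directly can claim any source address.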