[stunnel-users] Many services on the same port (VirtualHost)

Michal Trojnara Michal.Trojnara at mirt.net
Mon Nov 1 18:20:00 CET 2010


Jeremie Le Hen wrote:
> You have to use Server Name Indication, which is basically a "Host:"
> equivalent header at the TLS level.
>
> However, AFAIK, stunnel doesn't support this.

Support for Server Name Indication is already on my TODO list:
http://stunnel.mirt.net/?page=todo_sdf

Implementation should be possible with the
SSL_CTX_set_tlsext_servername_callback() function introduced by recent
versions of OpenSSL.  I found some patches for mod_ssl to support the SNI
extension.

stunnel.conf changes would probably introduce a new service endpoint
option called "serverName" or "SNI".  These sections would not be
available directly (with an "accept" endpoint option), but instead
switched to when the SNI TLS extension is received.

Anyone willing to sponsor this feature?

Best regards,
	Mike
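
The section switch proposed in this message, sketched as an added example (not stunnel code and not part of the original post) with Python's ssl module, whose SSLContext.sni_callback is the binding for the OpenSSL servername callback. The section names are hypothetical and no certificates are loaded, so each handshake stops right after the callback; what the function reports is the section the connection was switched to.

```python
import ssl

def make_section():
    # Stand-in for one stunnel.conf section: its own server-side TLS context.
    # A real section would also load its certificate chain and key here.
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)

ACCEPT = make_section()            # the only section with an "accept" endpoint
SNI_SECTIONS = {                   # hypothetical serverName values
    "mail.example.org": make_section(),
    "www.example.org": make_section(),
}

def on_server_name(tls, name, ctx):
    # Runs once the ClientHello has been parsed. `name` is unauthenticated
    # client input (None when no SNI was sent), so it is only used as an
    # exact-match key, never to build a path or a section name.
    section = SNI_SECTIONS.get(name.lower()) if name else None
    if section is not None:
        tls.context = section      # Python's counterpart of SSL_set_SSL_CTX()
    return None                    # None lets the handshake continue

ACCEPT.sni_callback = on_server_name

def section_for(server_name):
    """Send one in-memory ClientHello to ACCEPT; return the section it lands on."""
    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    client_ctx.check_hostname = server_name is not None
    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=server_name)
    try:
        client.do_handshake()
    except ssl.SSLWantReadError:
        pass                       # the ClientHello is now waiting in c_out
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    server = ACCEPT.wrap_bio(s_in, s_out, server_side=True)
    s_in.write(c_out.read())
    try:
        server.do_handshake()
    except ssl.SSLError:
        pass                       # expected here: no certificate is loaded
    for label, ctx in SNI_SECTIONS.items():
        if server.context is ctx:
            return label
    return "accept"

if __name__ == "__main__":
    for host in ("mail.example.org", "other.example.net", None):
        print(host, "->", section_for(host))
```

A client that sends no SNI, or a name with no matching section, stays on the accepting section, so that section's certificate and backend are what such clients reach.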


