[stunnel-users] Many services on the same port (VirtualHost)
Michal.Trojnara at mirt.net
Mon Nov 1 18:20:00 CET 2010
Jeremie Le Hen wrote:
> You have to use Server Name Indication, which is basically a "Host:"
> equivalent header at the TLS level.
> However, AFAIK, stunnel doesn't support this.

Support for Server Name Indication is already on my TODO list:

Implementation should be possible with the
SSL_CTX_set_tlsext_servername_callback() function introduced by recent
versions of OpenSSL. I found some patches for mod_ssl to support SNI

stunnel.conf changes would probably introduce a new service endpoint
option called "serverName" or "SNI". These sections would not be
available directly (with an "accept" endpoint option), but instead
switched to when the SNI TLS extension is received.

Anyone willing to sponsor this feature?
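
The section switching described in the message above, shown at the wire level as an added example that is not part of the original post and is not stunnel or OpenSSL code: it reads the server_name extension from a ClientHello record and picks the section to switch to, falling back to the section that owns the "accept" endpoint. The section table, host names, backend addresses and helper names are constructed, and the parser assumes the ClientHello fits in a single TLS record.

```python
# Constructed section table (hypothetical names/backends): sections reachable only via SNI.
SECTIONS = {"mail.example.org": "127.0.0.1:8143", "www.example.org": "127.0.0.1:8080"}
DEFAULT = "127.0.0.1:8000"  # the section that owns the "accept" endpoint

def _take(buf, pos, n):  # bounds-checked slice: (buf[pos:pos+n], pos+n)
    if pos + n > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos:pos + n], pos + n

def _vec(buf, pos, width):  # vector with a big-endian length prefix of `width` bytes
    raw, pos = _take(buf, pos, width)
    return _take(buf, pos, int.from_bytes(raw, "big"))

def extract_sni(record):
    """Return the host_name in a ClientHello record, or None if absent."""
    hdr, pos = _take(record, 0, 5)
    frag, _ = _take(record, pos, int.from_bytes(hdr[3:5], "big"))
    if hdr[0] != 0x16 or frag[:1] != b"\x01":
        raise ValueError("not a ClientHello handshake record")
    body, _ = _vec(frag, 1, 3)
    _, pos = _take(body, 0, 2 + 32)   # legacy_version + random
    _, pos = _vec(body, pos, 1)       # session_id
    _, pos = _vec(body, pos, 2)       # cipher_suites
    _, pos = _vec(body, pos, 1)       # compression_methods
    exts, pos = _vec(body, pos, 2) if pos < len(body) else (b"", pos)
    pos = 0
    while pos < len(exts):
        etype, pos = _take(exts, pos, 2)
        data, pos = _vec(exts, pos, 2)
        if etype == b"\x00\x00":      # server_name extension (RFC 6066)
            names, _ = _vec(data, 0, 2)
            ntype, p = _take(names, 0, 1)
            host, _ = _vec(names, p, 2)
            if ntype == b"\x00":      # name_type host_name
                return host.decode("ascii").lower()
    return None

def select_section(record):
    return SECTIONS.get(extract_sni(record), DEFAULT)

def _pfx(data, width):  # prepend a big-endian length prefix
    return len(data).to_bytes(width, "big") + data

def build_client_hello(host=None):
    """Constructed minimal ClientHello (sample input, not a capture)."""
    ext = b"" if host is None else (
        b"\x00\x00" + _pfx(_pfx(b"\x00" + _pfx(host.encode("ascii"), 2), 2), 2))
    body = b"\x03\x03" + bytes(32) + b"\x00" + _pfx(b"\x13\x01", 2) + b"\x01\x00" + _pfx(ext, 2)
    return b"\x16\x03\x01" + _pfx(b"\x01" + _pfx(body, 3), 2)
```

A client that sends no SNI, or a name with no matching section, lands on the default section, so that section should be the least privileged one.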