[stunnel-users] SNI with protocol=proxy ?

Michal Trojnara Michal.Trojnara at mirt.net
Thu Mar 29 18:16:15 CEST 2012


Marek Majkowski wrote:
>> Also "proxy" protocol is implemented before SSL protocol 
>> negotiation.
>> The option should be supplied in the master (accepting) service.
>
> Good to know. Even better if that was documented somewhere :)

It would be better indeed, although hardly feasible in practice, to 
document all corner cases of interaction between stunnel options.  Feel 
free to contribute documentation.

> 2012.03.29 15:00:54 LOG6[21966:3076373360]: Server-mode proxy protocol negotiations started
> 2012.03.29 15:00:54 LOG7[21966:3076373360]:  -> PROXY TCP4 aaa bbb 56413 443
> 2012.03.29 15:00:54 LOG6[21966:3076373360]: Server-mode proxy protocol negotiations succeeded
> 2012.03.29 15:00:54 LOG5[21966:3076373360]: SNI: switched to section https_yyy

You're right.  With the current architecture of protocol negotiations,
the remote host has to be connected before SSL_accept().  As a result,
SNI is mostly ignored.

I've added this to my TODO list:
http://www.stunnel.org/?page=sdf_todo

Mike
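
Added illustration, not part of the original message and not stunnel code: a backend-side parser for the PROXY v1 line shown in the quoted log, which is the first thing the already-connected remote host reads. The addresses and HTTP payload are constructed sample values, and `parse_proxy_v1` is a hypothetical helper name.

```python
import ipaddress

MAX_V1_LEN = 107  # longest v1 header, CRLF included, per the PROXY protocol spec
_ADDR = {"TCP4": ipaddress.IPv4Address, "TCP6": ipaddress.IPv6Address}


def _port(text):
    # Decimal digits only, no leading zeros, within the 16-bit port range.
    if not text.isdigit() or (len(text) > 1 and text[0] == "0") or int(text) > 65535:
        raise ValueError(f"bad port {text!r}")
    return int(text)


def parse_proxy_v1(data):
    """Split a PROXY v1 header off the front of `data`.

    Returns (info, rest). info is None for "PROXY UNKNOWN"; otherwise a dict
    with the client and proxy endpoints. Raises ValueError on a malformed line.
    """
    end = data.find(b"\r\n", 0, MAX_V1_LEN)
    if end == -1:
        raise ValueError("no CRLF-terminated header within 107 bytes")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]
    if fields[0] != "PROXY" or len(fields) < 2:
        raise ValueError("not a PROXY v1 header")
    if fields[1] == "UNKNOWN":
        return None, rest
    if len(fields) != 6 or fields[1] not in _ADDR:
        raise ValueError("unsupported or malformed PROXY v1 header")
    addr = _ADDR[fields[1]]
    info = {
        "proto": fields[1],
        "src": str(addr(fields[2])), "dst": str(addr(fields[3])),
        "src_port": _port(fields[4]), "dst_port": _port(fields[5]),
    }
    return info, rest


# Constructed sample: what a backend behind stunnel would read first.
SAMPLE = b"PROXY TCP4 192.0.2.10 198.51.100.7 56413 443\r\nGET / HTTP/1.1\r\n\r\n"

if __name__ == "__main__":
    print(parse_proxy_v1(SAMPLE))
```

A backend should accept this header only on listeners reachable solely from the trusted proxy, since the line itself is unauthenticated.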
