[stunnel-users] Extensions when negotiating TLS
Tom (AST) Watson
thomas.3.watson at raytheon.com
Mon Nov 4 22:05:11 CET 2019
Well, I thought it would be "easy", but maybe not. I have an application (#1) that uses http2, and isn't encrypted. No problem here. Now I have another application (#2) that insists on using https to talk to application #1. So I gleefully setup stunnel to connect the two. Well, application #2 starts talking to stunnel with a "Client Hello" packet, and it includes an extension "Application Layer Protocol Extension" of "h2". While not versed in the minutia, I take this that the client (application #2) wants to talk "http2" to the server (application #1). OK, that is what I want. The problem is that stunnel doesn't respond with ANY "Application Layer Protocol Extension" indicating acceptance of this request in its "server hello". This means that application #2 fails in its negotiation. No joy!
Now I know that application #1 will nicely talk http2, but how do I get stunnel to communicate this to application #2 (as encrypted http2). Am I missing something in my (pretty simple) configuration file?
Tom Watson (I'm at work now)
Thomas.3.watson at raytheon.com
More information about the stunnel-users