Hello--
   The TLS unique id, or unique channel binding, is a byte string that can
be pulled from a TLS connection and it is unique to that connection.   It
is defined in RFC 5929 section 3.  The value is used by various upper layer
protocols as part of an extra layer of security, for example XMPP (RFC
6120) and EST (RFC 7030).

   I created this patch on top of dev22 to extract this value so it can be
passed from the front end to the back end when TLS is terminated at the
front end.

   Here is an example configuration using it:

server backend 127.0.0.1:80
   http-request set-header X-TLS-UNIQUE-ID %{+Q}[ssl_fc_unique_id]

   If you accept this patch, I'd also be happy to update configuration.txt.

   This is my first contribution, so please let me know the correct
procedure if I've missed something.

    Thanks,
--Dave

Attachment: tlsunique.patch
Description: Binary data
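
Added example, not part of the original post or the patch: a sketch of how a back end behind the TLS terminator could check a SCRAM channel-binding attribute (RFC 5802, as used by XMPP) against the forwarded X-TLS-UNIQUE-ID header. It assumes the front end forwards the value base64-encoded and overwrites any client-supplied copy of the header; the function names and sample bytes are constructed for illustration.

```python
import base64
import binascii
import hmac

HEADER = "X-TLS-UNIQUE-ID"
GS2_HEADER = b"p=tls-unique,,"  # RFC 5802 gs2-header: binding used, no authzid

# Constructed sample values, not taken from a real handshake.
SAMPLE_CB = bytes.fromhex("0123456789abcdef01234567")
OTHER_CB = bytes.fromhex("ffeeddccbbaa998877665544")


def _b64(value):
    """Strict base64 decode; returns None on malformed or empty input."""
    try:
        decoded = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError, TypeError):
        return None
    return decoded or None


def forwarded_binding(headers):
    """tls-unique bytes as forwarded by the front end, or None if unusable."""
    # Assumption: headers is a dict keyed exactly by HEADER (real frameworks
    # normalise header-name case for you).
    return _b64(headers.get(HEADER, ""))


def scram_binding_ok(client_c_attr, headers):
    """Verify the c= attribute of a SCRAM client-final-message.

    The client computes c= as base64(gs2-header || tls-unique) from its own
    view of the TLS connection. It must match what the terminator observed.
    """
    cb = forwarded_binding(headers)
    got = _b64(client_c_attr)
    if cb is None or got is None:
        return False  # fail closed: no binding data means no -PLUS auth
    return hmac.compare_digest(got, GS2_HEADER + cb)


def client_c_attr(cb):
    """What a client bound to a connection with tls-unique `cb` would send."""
    return base64.b64encode(GS2_HEADER + cb).decode("ascii")
```

A mismatch means the client's TLS session is not the one the front end terminated, so the back end should reject the authentication rather than fall back to an unbound mechanism.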
