Oh nice. Thanks for the second set of eyes, Lukas. So funnily enough I was planning on doing a capture. I just don't have access to a system in that environment yet. So since I'm on the topic of the config syntax, I wonder, can I ask if the server directives are correct insofar as making a secured connection to the backend server entries? I'm told that HAP might be connecting by IP, in which case the SSL cert would be useless, but in my reading through the documentation I have not found either support or otherwise for that idea.

On 11/2/21, 5:16 PM, "Lukas Tribus" <[email protected]> wrote:

Hello,

On Tue, 2 Nov 2021 at 21:24, Ben Hart <[email protected]> wrote:
>
> In the config (pasted here
> https://0bin.net/paste/1aOh1F4y#qStfT0m0mER3rhI3DonDbCsr0NRmVuH9XiwvagEkAiE)
> My questions surround the syntax of the config file..

Most likely those clients don't send SNI. Capture the SSL handshake and verify to make sure.

Although you don't need the "tcp-request*" keywords (we are not extracting SNI "manually" from a TCP connection buffer, but locally deciphering it and accessing it through the OpenSSL API), I don't see any obvious errors in your configuration.

Regards,
Lukas

