masaori335 commented on issue #11758: URL: https://github.com/apache/trafficserver/issues/11758#issuecomment-2436628746
Hello, Tero. Thanks for the report. I recently started taking a look at PQTLS and tested ATS with [tldr_fail_test.py](https://github.com/dadrian/tldr.fail/blob/main/tldr_fail_test.py). If I run ATS as a reverse proxy, there are no issues with a large Client Hello or a separated Client Hello. However, as you pointed out, the Blind Tunnel case is not working with a separated Client Hello.

> To fix the issue, the case of SSL_HANDSHAKE_WANT_READ should be handled so that the second TCP segment of handshake is read into the existing SSL handshake buffer, and then ssl_accept() is called with that buffer.

I agree that we should read all packets that have the Client Hello and forward them to the origin server as a tunnel.
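The buffering behaviour discussed in this comment, as an added Python sketch (not ATS code and not part of the original comment): it appends each TCP segment to one buffer and uses the TLS record and handshake length fields to decide when the whole Client Hello has arrived. The function names, the 64 KiB cap and the zero-filled sample hello are assumptions made for the illustration.

```python
import struct

HANDSHAKE, CLIENT_HELLO = 22, 1      # TLS record content type, handshake msg type
MAX_RECORD = 16384                   # TLS plaintext record payload limit (2^14)
MAX_BUFFER = 64 * 1024               # assumed cap on bytes held before giving up


def client_hello_status(buf):
    """Return (complete, used): whether buf holds a whole ClientHello, and how
    many bytes of buf (record headers included) carry it."""
    payload, off = b"", 0
    while len(buf) - off >= 5:                       # 5-byte record header
        ctype, _ver, rec_len = struct.unpack_from("!BHH", buf, off)
        if ctype != HANDSHAKE or not 0 < rec_len <= MAX_RECORD:
            raise ValueError("not a TLS handshake record")
        if len(buf) - off - 5 < rec_len:
            break                                    # record cut by a segment boundary
        payload += buf[off + 5:off + 5 + rec_len]
        off += 5 + rec_len
        if len(payload) >= 4:                        # 4-byte handshake header
            if payload[0] != CLIENT_HELLO:
                raise ValueError("first handshake message is not ClientHello")
            if len(payload) >= 4 + int.from_bytes(payload[1:4], "big"):
                return True, off
    return False, 0


def reads_until_complete(segments):
    """Append each segment to one buffer, as a WANT_READ retry would, and return
    (number of reads, bytes carrying the ClientHello) once it is whole."""
    buf = b""
    for n, seg in enumerate(segments, 1):
        buf += seg
        if len(buf) > MAX_BUFFER:
            raise ValueError("ClientHello exceeds buffer cap")
        done, used = client_hello_status(buf)
        if done:
            return n, buf[:used]
    return None, buf


def sample_client_hello(body_len=1500):
    """Constructed input: correct framing, zero-filled body (not a real hello)."""
    hs = bytes([CLIENT_HELLO]) + body_len.to_bytes(3, "big") + bytes(body_len)
    return bytes([HANDSHAKE, 3, 1]) + len(hs).to_bytes(2, "big") + hs


if __name__ == "__main__":
    rec = sample_client_hello()
    print(reads_until_complete([rec])[0])                      # one segment
    print(reads_until_complete([rec[:1000], rec[1000:]])[0])   # split in two
```
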
