Interesting question for me either.. SNI is already supported by OpenSSL
starting from version 0.9.8f and later, pound supports it from version
2.6 - which is not in packages yet (still 2.5 there), nginx in packages
seems to be supporting it (not sure how it is in practice). Would be
cool if relayd(8) had such feature... But I don't see any info regarding
this in internet. Maybe somebody can shed some light on this ?
thanks,
VA
On 23.09.2010 19:31, Christopher Dukes wrote:
And if not is support planned?
I'd like to make use of relayd's relays for URL based filtering of https
requests. I already know for SSL2 I'm stuck to 1 IP address per cert.
A scan of the relayd.conf(5) and ssl(8) and the daily change logs for
4.6 through current all say no, but for all I know someone might be
working on something quietly :-).
And since the current state of things appears to be No TLS Server Name
Initiation, does anyone have any throughs as to whether or not using
relayd redirects and lighttpd or nginx to negotiate TLS SNI would be a
bad idea? And if it's a bad idea, what any better ideas are.
Thanks,
Chris Dukes
