Posted to issues@trafficserver.apache.org by "Susan Hinrichs (JIRA)" <ji...@apache.org> on 2015/03/30 17:14:53 UTC

[jira] [Commented] (TS-3472) SNI proxy alike feature for TS

    [ https://issues.apache.org/jira/browse/TS-3472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14386837#comment-14386837 ] 

Susan Hinrichs commented on TS-3472:
------------------------------------

It looks like sniproxy does a blind tunnel of the SSL connections (propagate without decrypting).  

You can do this via plugin in ATS and via the ssl_multicert.config file currently. The "action=tunnel" attribute can be added to a line in ssl_multicert.config. This means connections to the server matching the line (via IP address or certificate) will be blind tunneled.

For a plugin solution, check out example/sni-ssl-whitelist. This plugin will blind tunnel any SSL connection that does not have a certificate entry in the ssl_multicert.config file.

Do you have specific suggestions on other ways to expand the ssl blind tunnel support?

> SNI proxy alike feature for TS
> ------------------------------
>
>                 Key: TS-3472
>                 URL: https://issues.apache.org/jira/browse/TS-3472
>             Project: Traffic Server
>          Issue Type: New Feature
>          Components: SSL
>            Reporter: Zhao Yongming
>             Fix For: sometime
>
>
> When doing a forward-proxy-only setup, the sniproxy: https://github.com/dlundquist/sniproxy.git is a very tiny but cool effort to set up a TLS layer proxy with SNI, very good for some dirty tasks.
> In ATS, there is already very good support in all those basic components; adding an SNI blind proxy should be a very good feature, with tiny small changes maybe.
> SNI in TLS will extend the proxy (on caching) into all TLS-based services, such as mail, etc.


