You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Susan Hinrichs (JIRA)" <ji...@apache.org> on 2015/03/30 17:14:53 UTC
[jira] [Commented] (TS-3472) SNI proxy alike feature for TS
[ https://issues.apache.org/jira/browse/TS-3472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14386837#comment-14386837 ]
Susan Hinrichs commented on TS-3472:
------------------------------------
It looks like sniproxy does a blind tunnel of the SSL connections (propagate without decrypting).
You can do this via plugin in ATS and via the ssl_multicert.config file currently. The "action=tunnel" attribute can be added to a line in ssl_multicert.config. This means connections to the sever matching the line (via IP address or certificate) will be blind tunneled.
For a plugin solution, checkout example/sni-ssl-whitelist. This plugin will blind tunnel any SSL connection that does not have a certificate entry in the ssl_multicert.config file.
Do you have specific suggestions on other ways to expand the ssl blind tunnel support?
> SNI proxy alike feature for TS
> ------------------------------
>
> Key: TS-3472
> URL: https://issues.apache.org/jira/browse/TS-3472
> Project: Traffic Server
> Issue Type: New Feature
> Components: SSL
> Reporter: Zhao Yongming
> Fix For: sometime
>
>
> when doing forward proxy only setup, the sniproxy: https://github.com/dlundquist/sniproxy.git is a very tiny but cool effort to setup a TLS layer proxy with SNI, very good for some dirty tasks.
> in ATS, there is already a very good support in all those basic components, add SNI blind proxy should be a very good feature, with tiny small changes maybe.
> SNI in TLS, will extent the proxy(on caching) into all TLS based services, such as mail etc.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)