Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2015/03/31 05:15:53 UTC

[jira] [Updated] (TS-3292) Make tr-pass work for SSL port

     [ https://issues.apache.org/jira/browse/TS-3292?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leif Hedstrom updated TS-3292:
------------------------------
    Issue Type: Improvement  (was: New Feature)

> Make tr-pass work for SSL port
> ------------------------------
>
>                 Key: TS-3292
>                 URL: https://issues.apache.org/jira/browse/TS-3292
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Lev Stipakov
>            Assignee: Lev Stipakov
>             Fix For: 5.3.0
>
>
> As discussed some time ago on IRC, it would be nice to have tr-pass functionality for the SSL port.
> If SSLAccept returns an error and:
> * tr-pass is set
> * the first byte is not ClientHello
> we activate a blind tunnel.
> If I understand correctly, the only packet we expect in sslServerHandShakeEvent is ClientHello, so it is safe to assume that if the first byte is not the handshake code (0x16), the traffic is not SSL.
> I also think that we should start the tunnel for all errors, not only SSL_ERROR_SSL, because if the first packet is smaller than the expected ClientHello, SSLAccept returns SSL_ERROR_WANT_READ. Subsequent packets will surely generate SSL_ERROR_SSL, but I don't think it is necessary to wait for those.
> https://github.com/apache/trafficserver/pull/162
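
An added example (not Traffic Server code and not taken from the pull request) of the first-byte decision described in the issue. It goes beyond the 0x16 test by also checking the record-header version, length and handshake type; the type and function names are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>

// Verdict for the first bytes read on the SSL port (hypothetical names).
enum class FirstBytes { TlsHandshake, NeedMoreData, NotTls };

// TLS record header: type(1) | major(1) | minor(1) | length(2, big-endian).
FirstBytes classify_first_bytes(const uint8_t *buf, size_t len)
{
  constexpr uint8_t kHandshake   = 0x16;  // ContentType handshake
  constexpr uint8_t kClientHello = 0x01;  // HandshakeType client_hello
  constexpr size_t kHeaderLen    = 5;
  constexpr size_t kMaxPlaintext = 16384; // 2^14, record plaintext limit

  if (len == 0) return FirstBytes::NeedMoreData;
  // The check proposed in the issue. A legacy SSLv2-format ClientHello does
  // not start with 0x16 and lands here as NotTls as well.
  if (buf[0] != kHandshake) return FirstBytes::NotTls;
  // SSL 3.0 and every TLS version put major version 3 in the record header.
  if (len >= 2 && buf[1] != 0x03) return FirstBytes::NotTls;
  if (len < kHeaderLen) return FirstBytes::NeedMoreData; // short first read
  size_t rec_len = (static_cast<size_t>(buf[3]) << 8) | buf[4];
  if (rec_len == 0 || rec_len > kMaxPlaintext) return FirstBytes::NotTls;
  if (len > kHeaderLen && buf[5] != kClientHello) return FirstBytes::NotTls;
  return FirstBytes::TlsHandshake;
}

// Tunnel only when tr-pass is set and the bytes are positively not TLS;
// a short read that still looks like TLS waits for more data instead.
bool should_blind_tunnel(bool tr_pass, const uint8_t *buf, size_t len)
{
  return tr_pass && classify_first_bytes(buf, len) == FirstBytes::NotTls;
}

// Constructed sample inputs (not captured traffic).
const uint8_t kHelloStart[] = {0x16, 0x03, 0x01, 0x00, 0x2f, 0x01, 0x00, 0x00, 0x2b};
const uint8_t kHttpGet[]    = {'G', 'E', 'T', ' ', '/', ' ', 'H', 'T', 'T', 'P'};
const uint8_t kBadLength[]  = {0x16, 0x03, 0x01, 0xff, 0xff};
```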


