
List:       stunnel-users
Subject:    Re: [stunnel-users] behavior change after enabling proxy protocol
From:       Philippe Anctil <philippe.anctil () gmail ! com>
Date:       2014-06-05 16:09:44
Message-ID: CAOPjdVMQd3tGwei7T83FZ8MwGbCoX=WWww4V81Jwi-U6J5TWYQ () mail ! gmail ! com

I'm glad to see this issue is fixed in 5.02b2. Thanks!


2014-01-10 6:52 GMT-05:00 Michal Trojnara <Michal.Trojnara@mirt.net>:

> On 01/09/2014 11:58 PM, Philippe Anctil wrote:
>
>> I see no good reason to connect to the application before the ssl session
>> is established.
>>
>
> Good point.  For the proxy protocol there is indeed no good reason for it.
>
> Most other protocols require protocol negotiation to be performed before
> TLS handshake.  The current implementation of protocol negotiation in
> stunnel does not distinguish those cases.
>
> Mike
> _______________________________________________
> stunnel-users mailing list
> stunnel-users@stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>



-- 
Philippe Anctil



