On 26.11.2013 10:38, Yann Ylavic wrote: > With the per worker (single) connections-reslist model, If the connection > were to be closed in determine_connection() when the Host mismatches, that > would be be a painful performance penalty when SNI is enabled (no option to > disable currently)...
With SNI, the assumption "same IP and port, same TLS peer" no longer holds true. Two backend URLs, though served from the same IP:port, might have very different characteristics (one using an RSA cert, the other ECDSA e.g., and distinct supported cipher suites). I.e., you're really talking to two completely different peers in this case. Kaspar
