On 2017-01-18 at 16:06 +0000, Jeremy Harris wrote:
> To expand: Exim's implementation of Proxy Protocol
> is currently hooked in after the TLS start done for
> tls-on-connect.
>
> It turns out that the protocol spec document is ambiguous
> and the other way about (proxy-protocol handling done
> in-clear, then TLS) is the preferred way for HAproxy.
>
> Is anyone using and relying on the current Exim implementation
> ordering? Or shall I just swap them round?

I think that Jeremy knows my opinion here, but so that others know what
is likely to happen if nobody speaks up: I strongly favour swapping them
around, putting a note in README.UPDATING and avoiding adding yet
another knob.

So if you are relying upon something which speaks Proxy Protocol
initiating its _own_ TLS connection to an Exim TLS-on-connect backend,
_then_ speaking PP within that, _before_ passing off to hand-off from
the origin client, then you need to speak up with some details so that
we can understand and weigh the cost of the added complexity, and make
sure that we can then handle it without ending up with TLS tunnelled
inside TLS.

-Phil

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev
## Exim details at http://www.exim.org/ ##
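
The two orderings discussed in this thread differ in the first bytes a tls-on-connect listener receives. As an added example (not part of either message and not Exim code), the Python below classifies a captured connection prefix and parses a PROXY v1 header sent in clear without consuming the TLS bytes that follow; the function names and the sample bytes are constructed for illustration, and the prefix is assumed to include at least one byte after the header.

```python
import ipaddress

V1_MAX = 107                        # longest v1 line, CRLF included (per spec)
V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte binary v2 signature
TLS_HANDSHAKE = b"\x16"             # first byte of a TLS handshake record

def parse_v1(buf):
    """Parse a cleartext v1 header; return (info, bytes after the CRLF)."""
    end = buf.find(b"\r\n", 0, V1_MAX)
    if not buf.startswith(b"PROXY ") or end < 0:
        raise ValueError("no complete PROXY v1 line in the first 107 bytes")
    fields = buf[:end].decode("ascii").split(" ")
    rest = buf[end + 2:]            # must be left untouched for the TLS layer
    if fields[1] == "UNKNOWN":
        return {"family": "UNKNOWN"}, rest
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 line")
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if {src.version, dst.version} != {int(fields[1][3])}:
        raise ValueError("address family does not match " + fields[1])
    sport, dport = (int(f) for f in fields[4:6])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return {"family": fields[1], "src": (str(src), sport),
            "dst": (str(dst), dport)}, rest

def wire_ordering(prefix):
    """Classify the first bytes received on a tls-on-connect port."""
    if prefix[:1] == TLS_HANDSHAKE:
        return "tls-first", None    # any PROXY header would be inside TLS
    if prefix.startswith(V2_SIG):
        if len(prefix) < 16:
            raise ValueError("truncated PROXY v2 header")
        rest = prefix[16 + int.from_bytes(prefix[14:16], "big"):]
        info = {"family": "v2"}
    else:
        info, rest = parse_v1(prefix)
    if rest[:1] != TLS_HANDSHAKE:
        raise ValueError("PROXY header not followed by a TLS handshake")
    return "proxy-then-tls", info

# Constructed sample: v1 header in clear, then the start of a ClientHello.
SAMPLE = b"PROXY TCP4 192.0.2.10 198.51.100.5 56324 465\r\n\x16\x03\x01\x02\x00"

if __name__ == "__main__":
    print(wire_ordering(SAMPLE))
    print(wire_ordering(SAMPLE[SAMPLE.index(b"\x16"):]))
```

A result of "tls-first" on a port fed by a proxy means the sender wraps the connection in its own TLS before any PROXY header, which is the ordering the reply asks affected users to report.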
