On Mon, Oct 29, 2012 at 05:35:37PM +0400, Samat Galimov wrote:
> Hello,
>
> Thank you very much for help.
>
> I can't make req_ssl_sni work and don't know how to troubleshoot it without
> digging into source code.
>
> Here is my config:
>
> ...
> listen https
> mode tcp
> bind :443
> tcp-request inspect-delay 5s
> use-server decipher if { req_ssl_sni example.com }
> server decipher 127.0.0.1:4443 weight 0
> server forward 127.0.0.1:5443
>
> frontend decipher
> mode http
> bind :4443 ssl crt cert.pem
> ...
>
> I say
> openssl s_client -connect 127.0.0.1:443 -servername example.com -debug
> And nc -l :5443 shows that connection is forwarded, not deciphered.
>
> Is there anything I missed?

Yes, you skipped the "tcp-request content-accept" line in the config I sent.

Willy
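
The `listen https` section quoted above with a content-accept rule in place, as an added example that is not part of the original thread. The config Willy refers to is not on this page, so the rule is written here in the form HAProxy's documentation gives for it, `tcp-request content accept if { req_ssl_hello_type 1 }`, which is an assumption about what that earlier message contained.

```haproxy
listen https
    mode tcp
    bind :443

    # Hold the connection for up to 5s so the first client bytes can be inspected.
    tcp-request inspect-delay 5s

    # Stop waiting as soon as a TLS ClientHello (handshake type 1) is buffered.
    # This rule is what makes HAProxy wait for the ClientHello; without a
    # "tcp-request content" rule the SNI can be evaluated before any data has arrived,
    # so the use-server condition below is false and the default server is used.
    tcp-request content accept if { req_ssl_hello_type 1 }

    # Evaluated once the ClientHello is available: SNI "example.com" goes to the
    # local TLS-terminating frontend, everything else falls through to "forward".
    use-server decipher if { req_ssl_sni example.com }
    server decipher 127.0.0.1:4443 weight 0
    server forward 127.0.0.1:5443
```

The same `openssl s_client -connect 127.0.0.1:443 -servername example.com` test from the question can then be repeated to check which backend receives the connection.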