Hello Eugene,

On Fri, Oct 10, 2014 at 08:13:43AM +0300, Eugene Istomin wrote:
> Hello,
> 
> yesterday we were looking for the client-side SNI custom string for one of 
> our clients and chose stunnel (as outbound TLS termination) for two 
> reasons:
> 1) ability to send client certificate (client mode)
> 2) ability to send custom SNI header in client mode
> 
> We have used haproxy as our main L7 routers for years, with a little bit of stunnel for 
> client cert auth.
> Do you have any plans to add these features in 1.6?

It is already possible to send the client certificate, you just have
to specify "crt <cert>" on the server line. There are some ongoing
discussions about SNI. We all want to have it but want to ensure we're
doing it correctly. Most users want to have a dynamic one, at least being
able to retrieve the one from the other side, and possibly extract it
from a Host header. And of course also from a static string. We're just
trying to find the best way to configure this so that it's easy for all
users.

I personally think that a sample expression would be appropriate, just
as for the "usesrc" keyword (which is currently limited). I'd rather
avoid the ugly logformat string at this point since I don't think we
need this complexity.

If you have any opinion on the subject, please voice in!

Best regards,
Willy

