On 03/26/2015 08:34 AM, Baptiste wrote:

> HAProxy does not support SNI on backend yet.
> The biggest problem is not to send the SNI, the problem is what to send :)
> Do you send the Host header sent by the client, do you want to forge
> one, what happens if you do rewriting of the Host header, etc...
> So we could discuss the options here, then we'll be able to code
> something I guess...

Hi,

FWIW, Apache HTTPd's mod_proxy sends a server_name value equal to the
"Host" header contained in the request sent to the backend. It may be
the request header (possibly rewritten) if the ProxyPreserveHost option
is set to On, otherwise it's the backend's hostname.

Note that:
- RFC 6066 section 3 explicitly forbids sending a literal IPv4 or IPv6
address, the server_name value must be a FQDN;
- connection reuse is tricky when SNI is enabled, as the same connection
cannot be reused if the server_name value differs.




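The selection rule and the two caveats from the message above, as an added example that is not part of the original e-mail and is not HAProxy or mod_proxy code. `choose_sni`, `pool_key` and `PoolKey` are hypothetical names, the sample hosts are constructed, and omitting the extension when the candidate is an IP literal is this example's choice.

```python
# Added illustration; names are hypothetical, not HAProxy or mod_proxy APIs.
import ipaddress
from typing import NamedTuple, Optional


class PoolKey(NamedTuple):
    """Key under which an idle backend TLS connection may be reused."""
    backend_addr: str
    backend_port: int
    server_name: Optional[str]  # None means no SNI extension was sent


def is_ip_literal(host: str) -> bool:
    """True for IPv4/IPv6 literals, including the bracketed [::1] form."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def strip_port(host_header: str) -> str:
    """Drop an optional :port from a Host header value, keeping IPv6 brackets."""
    host = host_header.strip()
    if host.startswith("["):                      # [v6-literal]:port
        return host[: host.find("]") + 1]
    return host.rsplit(":", 1)[0] if ":" in host else host


def choose_sni(host_header: Optional[str], backend_host: str,
               preserve_host: bool) -> Optional[str]:
    """Pick the server_name value; None means omit the extension entirely."""
    if preserve_host and host_header:
        candidate = strip_port(host_header)       # client's (possibly rewritten) Host
    else:
        candidate = backend_host                  # configured backend hostname
    candidate = candidate.rstrip(".").lower()     # no trailing dot, case-insensitive
    if not candidate or is_ip_literal(candidate):
        return None                               # RFC 6066 section 3: no literal addresses
    return candidate


def pool_key(addr: str, port: int, host_header: Optional[str],
             backend_host: str, preserve_host: bool) -> PoolKey:
    """Connections are interchangeable only if address, port and SNI all match."""
    return PoolKey(addr, port, choose_sni(host_header, backend_host, preserve_host))
```
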