On 2015-10-10 02:02, Willy Tarreau wrote:
On Fri, Oct 09, 2015 at 05:05:12AM -0400, Julien Vehent wrote:
On 2015-10-08 18:24, Lukas Tribus wrote:
>Are you sure your TLSv1.2 client is actually sending
>jve.linuxwall.info as SNI value? I suggest to remove the
>SNI if statement while testing the TLS ACL.
Argh... I can't count the number of times forgetting -servername in
openssl s_client got me looking for a bug. This one included.
At least now I don't feel alone :-)
Colleague of mine shared this ~/.bashrc trick:
tlscli() {
openssl s_client -connect $1:443 -servername $1 "${@:2}"
}
alias scli=tlscli
$ scli 1wt.eu -tls1_2 -debug
It's the little things...
- Julien
