Hi Willy, Emeric,
Op 11-3-2016 om 16:25 schreef Christopher Faulet:
Hi,
I've slightly updated my patch to improve it and to fix some
inconsistencies.
First of all, now "ssl-upgrade" and "no-ssl-upgrade" actions can be used
on "tcp-request content" rules _AND_ "tcp-request connection" rules, in
a frontend _OR_ a backend definition.
Then, these actions are now custom actions. I think this is cleaner this
way.
And finally, by default, no SSL upgrade is done when "defer-ssl-upgrade"
option is used. So you need to use explicitly a "ssl-upgrade" rule to
perform it. For a lack of finding the right place to do SSL upgrades
when no "tcp-request" rule is defined, I've decided to change the
default behavior. I've kept the "defer-ssl-upgrade" keyword, but now,
"skip-ssl-upgrade" could be more appropriate. If you prefer, i can do
the change.
The patch from Christopher looks to provide a nice additional feature.
Allowing offloading and sni passthrough on a single ip:port.
And with my limited testing it looks to work properly.
What do guys think about his latest patch?
Regards,
PiBa-NL
