I have a working patch for this, but it's very ugly currently (minimal error checking, no warnings/messages, no docs, very basic tests done only, etc.)
I expect to have a version for review by EOW (depending on the workload, maybe a bit sooner). Regards, Nenad On 1/2/2017 10:11 AM, Gil Bahat wrote: > yes, stunnel was my original inspiration for this request, I wanted > HAproxy to communicate with stunnel-backed services. actually, stunnel > implements both PSK server and PSK client and it would make sense for > HAproxy to have both. TLS 1.3 also appears to significantly improve PSK > with combinations such as RSA-PSK and ECDHE-PSK, so that appears to have > future usability as well. > > Regards, > > Gil > > On Sun, Jan 1, 2017 at 5:41 PM, Igor Pav <i...@fastsp.net > <mailto:i...@fastsp.net>> wrote: > > Stunnel supports it, https://www.stunnel.org/auth.html > <https://www.stunnel.org/auth.html>, quite simple. > > On Sun, Jan 1, 2017 at 4:34 PM, Willy Tarreau <w...@1wt.eu > <mailto:w...@1wt.eu>> wrote: > > On Sun, Jan 01, 2017 at 01:16:37AM +0800, Igor Pav wrote: > >> Sounds good for SSL backend, is this possible? > > > > Indeed that sounds interesting for such use cases. I have no idea > what it > > requires to set it up nor what needs to be configurable. Does > anyone have > > any pointer to any product supporting it ? > > > > Willy > >