Hey Nenad, did anything come out of this? interestingly enough, some compliance challenges I was facing brought this to mind again.
Regards, Gil On Thu, Jan 5, 2017 at 5:22 AM, Nenad Merdanovic <[email protected]> wrote: > I have a working patch for this, but it's very ugly currently (minimal > error checking, no warnings/messages, no docs, very basic tests done > only, etc.) > > I expect to have a version for review by EOW (depending on the workload, > maybe a bit sooner). > > Regards, > Nenad > > On 1/2/2017 10:11 AM, Gil Bahat wrote: > > yes, stunnel was my original inspiration for this request, I wanted > > HAproxy to communicate with stunnel-backed services. actually, stunnel > > implements both PSK server and PSK client and it would make sense for > > HAproxy to have both. TLS 1.3 also appears to significantly improve PSK > > with combinations such as RSA-PSK and ECDHE-PSK, so that appears to have > > future usability as well. > > > > Regards, > > > > Gil > > > > On Sun, Jan 1, 2017 at 5:41 PM, Igor Pav <[email protected] > > <mailto:[email protected]>> wrote: > > > > Stunnel supports it, https://www.stunnel.org/auth.html > > <https://www.stunnel.org/auth.html>, quite simple. > > > > On Sun, Jan 1, 2017 at 4:34 PM, Willy Tarreau <[email protected] > > <mailto:[email protected]>> wrote: > > > On Sun, Jan 01, 2017 at 01:16:37AM +0800, Igor Pav wrote: > > >> Sounds good for SSL backend, is this possible? > > > > > > Indeed that sounds interesting for such use cases. I have no idea > > what it > > > requires to set it up nor what needs to be configurable. Does > > anyone have > > > any pointer to any product supporting it ? > > > > > > Willy > > > > > >
