Gil, On 04/05/2017 10:02 AM, Gil Bahat wrote: > Hey Nenad, > > did anything come out of this? interestingly enough, some compliance > challenges I was facing brought this to mind again.
Sadly I didn't have any time to work on this. I did check a bit and found the maps interface somewhat counter-intuitive to use here, so I went down the route of adding support for socket "manually" (same way OCSP and TLS tickets are done). Maybe I'll have time this weekend to finish it. Would you perhaps prefer I send the patches that implement this immediately for Willy to merge and then add the socket-related functionality later (as with Olivier's patches it is less critical)? Regards, Nenad > > Regards, > > Gil > > On Thu, Jan 5, 2017 at 5:22 AM, Nenad Merdanovic <nmer...@haproxy.com > <mailto:nmer...@haproxy.com>> wrote: > > I have a working patch for this, but it's very ugly currently (minimal > error checking, no warnings/messages, no docs, very basic tests done > only, etc.) > > I expect to have a version for review by EOW (depending on the workload, > maybe a bit sooner). > > Regards, > Nenad > > On 1/2/2017 10:11 AM, Gil Bahat wrote: > > yes, stunnel was my original inspiration for this request, I wanted > > HAproxy to communicate with stunnel-backed services. actually, stunnel > > implements both PSK server and PSK client and it would make sense for > > HAproxy to have both. TLS 1.3 also appears to significantly improve PSK > > with combinations such as RSA-PSK and ECDHE-PSK, so that appears to have > > future usability as well. > > > > Regards, > > > > Gil > > > > On Sun, Jan 1, 2017 at 5:41 PM, Igor Pav <i...@fastsp.net > <mailto:i...@fastsp.net> > > <mailto:i...@fastsp.net <mailto:i...@fastsp.net>>> wrote: > > > > Stunnel supports it, https://www.stunnel.org/auth.html > <https://www.stunnel.org/auth.html> > > <https://www.stunnel.org/auth.html > <https://www.stunnel.org/auth.html>>, quite simple. > > > > On Sun, Jan 1, 2017 at 4:34 PM, Willy Tarreau <w...@1wt.eu > <mailto:w...@1wt.eu> > > <mailto:w...@1wt.eu <mailto:w...@1wt.eu>>> wrote: > > > On Sun, Jan 01, 2017 at 01:16:37AM +0800, Igor Pav wrote: > > >> Sounds good for SSL backend, is this possible? > > > > > > Indeed that sounds interesting for such use cases. I have no > idea > > what it > > > requires to set it up nor what needs to be configurable. Does > > anyone have > > > any pointer to any product supporting it ? > > > > > > Willy > > > > > >
