For outgoing TLS connections, might haproxy be taught to use a reasonable
default/implicit value 'sni' [1] expression/behavior that would 'first do
no harm'[2], and usually be correct, in the absence of an explicit
expression ?  (Understood that haproxy depends on an SSL lib)

E.g.; req.hdr(host) if it is set, else server(-template) <address> (if it
is  cfg'd as name, not IP), else ssl_fc_sni for bridged HTTPS, else ... ?

If SNI [3] is used vs. an endpoint that doesn't require/utilize it, is it
always innocuous ?

Are increasing demands by service providers that clients (e.g.; haproxy vs.
an SSL endoint) send SNI inevitable?  Or is some alternative pending?

Just wondering,


Reply via email to