[ https://issues.apache.org/jira/browse/TS-2956?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Susan Hinrichs updated TS-2956: ------------------------------- Description: Organizations that want to do more extensive SSL processing than is allowed by the core should be able to write a plugin. To support such plugins, the core needs to allow for the plugin to gain access after the TCP connection has completed but before the SSL Accept has completed. One feature that a plug in may want to implement is the ability to determine that some SSL connections should be fully proxied and others should be blind tunneled. To date, this is a global decision. Either all tunnels are proxied by ATS or all are blind tunneled. Probably should have been two issues, but the implementations are intertwined. was: Organizations that want to do more extensive SSL processing than is allowed by the core should be able to write a plugin. To support such plugins, the core needs to allow for the plugin to gain access after the TCP connection has completed but before the SSL Accept has completed. > Add ssl_pre_handshake hook for better plugin access to SSL handling and allow > for combination of blind tunnel and tunnel proxying > --------------------------------------------------------------------------------------------------------------------------------- > > Key: TS-2956 > URL: https://issues.apache.org/jira/browse/TS-2956 > Project: Traffic Server > Issue Type: Improvement > Components: Core, Plugins, SSL > Reporter: Susan Hinrichs > Assignee: Susan Hinrichs > Priority: Minor > Fix For: 5.2.0 > > > Organizations that want to do more extensive SSL processing than is allowed > by the core should be able to write a plugin. To support such plugins, the > core needs to allow for the plugin to gain access after the TCP connection > has completed but before the SSL Accept has completed. > One feature that a plug in may want to implement is the ability to determine > that some SSL connections should be fully proxied and others should be blind > tunneled. To date, this is a global decision. Either all tunnels are > proxied by ATS or all are blind tunneled. > Probably should have been two issues, but the implementations are intertwined. -- This message was sent by Atlassian JIRA (v6.2#6252)