[jira] [Updated] (TS-2956) Add ssl_pre_handshake hook for better plugin access to SSL handling and allow for combination of blind tunnel and tunnel proxying

Tue, 12 Aug 2014 12:49:32 -0700 

     [ 
https://issues.apache.org/jira/browse/TS-2956?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Susan Hinrichs updated TS-2956:
-------------------------------

    Description: 
Organizations that want to do more extensive SSL processing than is allowed by 
the core should be able to write a plugin.  To support such plugins, the core 
needs to allow for the plugin to gain access after the TCP connection has 
completed but before the SSL Accept has completed. 

One feature that a plug in may want to implement is the ability to determine 
that some SSL connections should be fully proxied and others should be blind 
tunneled.  To date, this is a global decision.  Either all tunnels are proxied 
by ATS or all are blind tunneled.

Probably should have been two issues, but the implementations are intertwined.


  was:
Organizations that want to do more extensive SSL processing than is allowed by 
the core should be able to write a plugin.

To support such plugins, the core needs to allow for the plugin to gain access 
after the TCP connection has completed but before the SSL Accept has completed. 



> Add ssl_pre_handshake hook for better plugin access to SSL handling and allow 
> for combination of blind tunnel and tunnel proxying
> ---------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: TS-2956
>                 URL: https://issues.apache.org/jira/browse/TS-2956
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: Core, Plugins, SSL
>            Reporter: Susan Hinrichs
>            Assignee: Susan Hinrichs
>            Priority: Minor
>             Fix For: 5.2.0
>
>
> Organizations that want to do more extensive SSL processing than is allowed 
> by the core should be able to write a plugin.  To support such plugins, the 
> core needs to allow for the plugin to gain access after the TCP connection 
> has completed but before the SSL Accept has completed. 
> One feature that a plug in may want to implement is the ability to determine 
> that some SSL connections should be fully proxied and others should be blind 
> tunneled.  To date, this is a global decision.  Either all tunnels are 
> proxied by ATS or all are blind tunneled.
> Probably should have been two issues, but the implementations are intertwined.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to