[
https://issues.apache.org/jira/browse/TS-3472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14386837#comment-14386837
]
Susan Hinrichs commented on TS-3472:
------------------------------------
It looks like sniproxy does a blind tunnel of the SSL connections (propagate
without decrypting).
You can do this via plugin in ATS and via the ssl_multicert.config file
currently. The "action=tunnel" attribute can be added to a line in
ssl_multicert.config. This means connections to the server matching the line
(via IP address or certificate) will be blind tunneled.
For a plugin solution, check out example/sni-ssl-whitelist. This plugin will
blind tunnel any SSL connection that does not have a certificate entry in the
ssl_multicert.config file.
Do you have specific suggestions on other ways to expand the ssl blind tunnel
support?
> SNI proxy alike feature for TS
> ------------------------------
>
> Key: TS-3472
> URL: https://issues.apache.org/jira/browse/TS-3472
> Project: Traffic Server
> Issue Type: New Feature
> Components: SSL
> Reporter: Zhao Yongming
> Fix For: sometime
>
>
> When doing a forward-proxy-only setup, sniproxy
> (https://github.com/dlundquist/sniproxy.git) is a very tiny but cool effort to
> set up a TLS layer proxy with SNI, very good for some dirty tasks.
> In ATS, there is already very good support in all those basic components;
> adding SNI blind proxy should be a very good feature, with tiny small changes
> maybe.
> SNI in TLS will extend the proxy (on caching) into all TLS based services,
> such as mail etc.