On Fri, May 17, 2019 at 09:23:59PM +0200, Tim Düsterhus wrote:
> Willy: I wonder if that's something HAProxy itself should detect: When a
> client certificate is provided for a connection and the Host header does
> not match the SNI then an 421 is sent automatically (that behaviour of
> course bein
Joao,
Willy,
Am 17.05.19 um 12:14 schrieb Joao Morais:
>> Absolutely, I've already read about this though I don't know the
>> implementations details. Similar concepts have been discussed quite
>> a bit on the HTTP WG, though I don't undertand the details of each
>> variation. The main thing is th
Willy,
Am 17.05.19 um 09:04 schrieb Willy Tarreau:
> Now I understand better how you want to use your strcmp() converter :-)
>
In fact I already explained that in my initial patch:
https://www.mail-archive.com/haproxy@formilux.org/msg29786.html
But I found something interesting while searching
Hi Willy,
> Em 17 de mai de 2019, à(s) 04:03, Willy Tarreau escreveu:
>
> Hi Jarno,
>
> On Thu, May 16, 2019 at 06:49:56PM +0300, Jarno Huuskonen wrote:
>> Do the myapp.io and anotherapp.com share same certificate (ie.
>> certificate has both myapp.io and anotherapp.com SAN) ?
>>
>> AFAIK br
Hey guys,
> Em 16 de mai de 2019, à(s) 15:05, Tim Düsterhus escreveu:
>
> Am 16.05.19 um 17:49 schrieb Jarno Huuskonen:
>> Do the myapp.io and anotherapp.com share same certificate (ie.
>> certificate has both myapp.io and anotherapp.com SAN) ?
>>
>> AFAIK browser can reuse the same tls conne
On Thu, May 16, 2019 at 08:05:33PM +0200, Tim Düsterhus wrote:
> With HAProxy 1.9 you should be able to use the strcmp converter I
> contributed like this:
>
> http-request set-var(txn.host) hdr(host)
> # Check whether the client is attempting domain fronting.
> acl ssl_sni_http_host_m
Hi Jarno,
On Thu, May 16, 2019 at 06:49:56PM +0300, Jarno Huuskonen wrote:
> Do the myapp.io and anotherapp.com share same certificate (ie.
> certificate has both myapp.io and anotherapp.com SAN) ?
>
> AFAIK browser can reuse the same tls connection if the certificate
> covers both names.
Absolu
Jarno,
Joao,
Am 16.05.19 um 17:49 schrieb Jarno Huuskonen:
> Do the myapp.io and anotherapp.com share same certificate (ie.
> certificate has both myapp.io and anotherapp.com SAN) ?
>
> AFAIK browser can reuse the same tls connection if the certificate
> covers both names. When the host/sni diffe
Hi,
On Thu, May 16, Joao Morais wrote:
>
> Hi list! The symptom is as follow: when logging Host: header I receive
> `myapp.io` while in the same request the sni extension says `anotherapp.com`.
>
> This happens in a very few requests (about 0.5%) but this is enough to make
> some noise - regar
Am 16.05.2019 um 16:37 schrieb Joao Morais:
>
> Hi list! The symptom is as follow: when logging Host: header I receive
> `myapp.io` while in the same request the sni extension says `anotherapp.com`.
>
> This happens in a very few requests (about 0.5%) but this is enough to make
> some noise - r
Hi list! The symptom is as follow: when logging Host: header I receive
`myapp.io` while in the same request the sni extension says `anotherapp.com`.
This happens in a very few requests (about 0.5%) but this is enough to make
some noise - regarding server certificate used in the handshake, and
11 matches
Mail list logo