Lev Stipakov created TS-3292: -------------------------------- Summary: Make tr-pass work for SSL port Key: TS-3292 URL: https://issues.apache.org/jira/browse/TS-3292 Project: Traffic Server Issue Type: New Feature Components: Core Reporter: Lev Stipakov
As discussed some time ago on IRC, it would be nice to have tr-pass functionality for SSL port. If SSLAccept returns an error and: * tr-pass is set * first byte is not ClientHello we activate blind tunnel. If I understand correctly, the only packet we expect in sslServerHandShakeEvent is ClientHello, so it is safe to assume that if first byte is not handshake code (0x16), traffic is not SSL. I also think that we should start tunnel for all errors, not only SSL_ERROR_SSL, because if first packet is smaller than expected ClientHello, SSLAccept returns SSL_ERROR_WANT_READ. Subsequent packets will surely generate SSL_ERROR_SSL, but I don't think it is necessary to wait for those. https://github.com/apache/trafficserver/pull/162 -- This message was sent by Atlassian JIRA (v6.3.4#6332)