-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 11/09/2015 02:46 PM, Tomasz Sterna wrote: > Isn't smart proxy like sslh[1] better suited for the use case? > > > [1] http://www.rutschle.net/tech/sslh.shtml
Which use case? I actually do use sslh on my port 443, because I wrote a patch to let it multiplex based on the TLS SNI name. But accepting raw xmpp along with https on 443 is not a good option because it's obviously xmpp and can be trivially blocked, vs a TLS stream that could be http-over-tls or xmpp-over-tls. Now, you could also terminate TLS with something like stunnel, and THEN multiplex http/xmpp with something like sslh since everything is cleartext at that point, but it's a lot more complicated setup because then prosody/nginx don't know if they are encrypted or not for instance. It's also not quite as fast (or maybe secure), and it won't work with http2 which requires ALPN. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQQcBAEBCgAGBQJWQQIuAAoJEOy5uMuqxowDLL0f/11E2FQOZoBh3gipYAIVbWtN 9+1K/qPhiPgu87g6cXGLaA2MOAIrWDlY2uE59gLfb6o0TX0Uq9MlCah1O7s4CC7W nJ8egjrVBGk3mVH13z7fsH5/MmiK2cJtiA6uOoZU7PV1aDFELywjTNnrUyn7VshD SrEYcITZPsr8obIVg+W2d16kVTkH3r9BvsyE8yyiJyvRxA82RG5Xo4misOtQUBrp zyIGCJXOeo/z/bZO1U1NU7BA3Eqny0kBBTjYT/a/7hM9zcBZ5srehd/2YBEqvzi9 isZPrkPPw3kjpj6ejFbTqqOuY7tG2JN92MTqQ/3t2InxfoqSfscJUagCOxA4AZnB l7ubO2tt/C9o9/9P2/oTldjvt7Dc+LybEmEHIWxALlxV69Vq7/Ovhwdxkq+yqXs+ fKm4N1e36zxt9kdZNUxjKr0O82ssubuqrQoqV5A2S8GGS11I/gKuNj7n351DBg+L oe7YB8OMEd4w4VnZDB+Vv4JNHpay3CPyCBxGWTdf5dg2nkJnIrPXPmg3OPs7awjg j+MkkRxjUnipS/sNpsnbTEnmO5WE0YE3c/AzNhN+nMFdRJkLpPci9or8pxqyyAOv zrJNIn3PFSHb0k8SlEF9vunLaqB48l9D9y2IjzIOcOOrvxv4Y5XzI2o9UYTsL+L5 ulavjeAZvul8SzBQbZdsXqD6v9sq5AXWEzfSOSF/PqJIY11A0DT7VHsc0GbgX+Ch QRrCVZFSqfuqQ4VXa5C4UmhkQRxEzK2j5qPoTn5wX1ffxB2z12dqoSzJcxx0Bhex i5fSMc6YmmuoJmTbK6oqscHfevfwz9L9NvGj5Io0iGlR5LFwje7QjOxbVWhcBbqW ixuM3VHKbgZkW/u4biaO65VTdRL4hGkdjlzBd0g75Wz6UIhWHFSf5JNLdthSjC+M kqQVUbICE6fc45lFVFUaAx8pBfABuNvPj0HT1ZoqHwndn9nwfU2HmhduSCPrF+Ok J4ILKq4MpWU4YA4zoP91mGR9LWlo62wgej6ywIemUt7HGAAvEoB8k+isVAa3DmFM oyWNrN1Am8NWmX37OmT8WQpq5Ke6bCHgJg1yEaqZq/z8AgAc+MKw+2VSpe3xZoDq zmBo5VuxkPqftWsfDli/g8I7b+4+LSRtumHKVAXN4K/CHtZ/OWMyCgxl24JFfyxS G1gWJoD3lh37B5agxRo9Yl5lU9q+Ep3wouwDibPcatCuObwlbs0BpxTXDJutWzZ6 bk2/YGTriPLErtZ+ETMBHSOubQVmcopoS20nxJwOEvR875GE+9k4iX2NQC8gWXlJ 788/lIPxaGvAlQlu24jWJ2VKmE5VJMp3e3uYv5BAPmKDktvtLrhnsCjaCiCyNnc= =d2S8 -----END PGP SIGNATURE-----
