On Thu, Jan 24, 2019 at 6:05 PM, Sam Whited <[email protected]> wrote:
Depending on the TLS library you use, it may also not give you the TLS first message unless you're not doing renegotiation, in which case you're also safe.
There is another problem with TLS offload, because to my knowledge "proxy protocol" (supported by haproxy and others) doesn't support forwarding of TLS handshake messages (or tls-unique along) to the backend (i.e. XMPP server). _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
