> On 04.03.2017 at 17:06, Claudio Jeker <[email protected]> wrote:
>
>> On Fri, Mar 03, 2017 at 10:46:32AM -0500, Michael W. Lucas wrote:
>> Hi folks,
>>
>> It *appears* that relayd doesn't speak SNI when used as a transparent
>> intercepting proxy ala
>> http://www.reykfloeter.com/post/41814177050/relayd-ssl-interception
>
> Yes, relayd is lacking SNI support and a few other things like OCSP.
> I started to rewrite relayd using libtls instead of using libssl directly.
> This should allow relayd to get SNI and OCSP support fairly easily.
>

"rewrite relayd"

First time I hear about this, but it is rather porting it to libtls. A task that was long planned once libtls has enough features/ways to use it in relayd. For example, the inspection needs quite some libssl internals that are not exposed by libtls.

Reyk
