support TLS Server Name Indication (RFC 6066) #524
-
Hi correct me if i'm wrong, but from my short test it seems davx5 does not yet support TLS Server Name Indication. I've set up the Stream module on my nginx reverse proxy combined with ssl_preread to directly forward SSL traffic packets to different hosts depending on the URL they want, making it way easier to set up SSL certificates directly on my services without bothering with certs on the reverse proxy. It works great for browsers, but it seems davx5 does not send the SNI data and gets proxied to the wrong host. i don't know if this would be hard to implement, but for me it would make my life massively easier, it just seems like a way cleaner solution for reverse proxies and SSL. i'm sure i wouldn't be the only one using this too, but i do see that SNI is still kind of "new". some info: please let me know if i can help with any more info or testing. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
closing this for the moment as i'm gathering more info, not 100% sure it's davx5 |
Beta Was this translation helpful? Give feedback.
-
on further research, it really does seem that davx5 does not send SNI information. it keeps matching my default rules no matter what, whereas browsers work perfectly well with my setup. reopening. |
Beta Was this translation helpful? Give feedback.
oh, sorry about that then. I will try to set up a minimal example, to make sure the rest of my setup isn't interfering. if i still can't get it to work, i'll provide the minimal example here. but since you're saying it does support SNI, the issue is most likely on my end and i'll have to do some more troubleshooting.