-
Notifications
You must be signed in to change notification settings - Fork 683
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSL passthrough with SNI support #1204
Comments
Thanks! A PR for this would be welcome. |
This should be addressed with TCP support in 0.51. |
@richarddli can you point me to documentation or examples of what the author was asking for? I am trying to do exactly this, but TLS continues to terminate at ambassador when a TLSContext defines a host which matches my SNI, not caring whether or not a Mapping or TCPMapping exists |
Just following on @texascloud's comment above, I would also be interested on how to configure the TLS passthrough, and as a follow-up whether the features that are available through Ambassador such as rewrite rules would also be available on TLS passthrough |
Please describe your use case / problem.
In my case and other typical scenarios, backend generates certificates so decryption and authorization needs to be done at backend instead of SSL termination at proxy.
Describe the solution you'd like
Ambassador should support SSL passthrough mode where proxy only does lookup into ClientHello (for SNI etc) message and forwards the encrypted TCP message to backend.
Additional context
Reference:
The text was updated successfully, but these errors were encountered: