Skip to content
This repository has been archived by the owner on Jan 5, 2024. It is now read-only.

SNI Extension missing in Client Hello Handshake to HTTPS backend #128

Open
armellin opened this issue Sep 15, 2023 · 3 comments
Open

SNI Extension missing in Client Hello Handshake to HTTPS backend #128

armellin opened this issue Sep 15, 2023 · 3 comments

Comments

@armellin
Copy link

Our HTTPS backend expects the SNI extension in the Client Hello during the handshake, but it seems that the proxy is not sending it, so the backend drops the connection.
Is it by design? Or am I missing anything?
@nevola
Copy link
Contributor

nevola commented Sep 18, 2023

Hi @armellin, SNI extension is used in the client connections. SNI is not supported while connecting to the backends.

Regards.

@armellin
Copy link
Author

Hi @nevola, according to this commit in zproxy by @abdessamad-zevenet it should be supported, isn't it?

Thanks for any further info.

@nevola
Copy link
Contributor

nevola commented Sep 18, 2023

Hi @armellin, the proxy code was rewritten due to design problems. This part is not included yet.

https://github.com/relianoid/proxyng/blob/8a8b426cd141f6e613c7bc64f31a68414c896f14/src/config.cpp#L1498

I would suggest to use layer 4 if it's possible meanwhile this code is re-enabled.
Kind Regards.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@armellin @nevola