-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support name-based hosts via TLS SNI #5
Comments
Any thoughts on when this might be available? |
Any progress here? Would be great to have a sni support for PROFTPD |
@Castaglia NB: Pure-FTPd just implemented SNI support. Maybe the implementation there would be a useful blueprint? |
@e-fik123 ProFTPD's |
Where is the current SNI support documented? |
@Castaglia i read the docu for |
If possible, perhaps even use the same SNI daemon that Pure-FTPd uses. There’s no reason to reinvent the wheel, after all. |
Any update here? to me this is still important topic. If you need any help let me know. |
Notes for myself, for SNI-related configurations:
|
@FGasper @e-fik123 @jrhay1 FYI, this ticket is about supporting SNI as part of the lookup syntax for these dynamically loaded config files. For SNI support in |
@Castaglia: Just so I’m clear, does the current feature set allow ProFTPd to allow the SNI string to determine which of a set of certificates (either pre-loaded or runtime-determined) is served up? |
@FGasper @e-fik123 Now that SNI support in
I can now start properly working on SNI support for |
Issue #5: Implement support for name-based host configs via the `%n` …
Fixed in |
Some sites may wish to host large numbers of vhosts on the same IP address. One way that
mod_autohost
could handle these, in addition to (or related to) [HOST
] (see Issue #1) could be to look up the vhost config based on TLS SNI.Given that the TLS handshake for FTPS connections happens sometime after the initial TCP connection, where any number of commands might happen, supporting SNI will not be as straightforward as destination IP-based lookups. There might be an "initial" config for use such connections, until such time as they provide an SNI via TLS handshake (and/or
HOST
command).The text was updated successfully, but these errors were encountered: