-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS SNI support #14
Comments
See how mitmproxy supports this complication here |
I've read the wiki about SNI, but can not fully understand it. |
Please see the list of complications mitmproxy talks about here: https://github.com/mitmproxy/mitmproxy/blob/master/doc-src/howmitmproxy.html#L125 They are hopefully documented a little better than the wiki page and can help clarify the different scenarios rather than me restating it :-) |
My english is very poor. Using SNI -> NodeHTTPSServer Support & Client Support Using SNI -> Only listen one TCP port. 支持了 SNI 现在的模式就不用监听那么多端口了,但是 IE6 不支持 SNI 。 其实还有更好的解决方案 XD 。 Some implementation better . https://github.com/guangwong/server-for-http-proxy/blob/master/lib/http-server-supported-https.js 这是 0.11.x 上的实现 ,0.10.x 需要多一些工作。 |
@dweinstein When it comes to proxy server, something changed. If a user wants to connect an https server via proxy, the browser will send an http(not https) request with CONNECT method first. During this process, the proxy server could learn the target host name and then establish a socket tunnel to target server. Now you can see, since we have got the hostname on OSI layer 7, SNI is no longer needed. Please note that we are talking about regular proxy server, not reverse proxy for load balance on server side. |
@dweinstein Thanks ! |
@guangwong 如上文所述,SNI应该是Proxy向server发送信息时需要支持的特性。至于用户这边的方案,多开几个端口也没什么问题,哈哈。 |
@ottomao 是呀,单机自己用这样也是没有关系的。 我在做淘宝这边的一个集中代理工具,是集中式的需要多考虑这些的(最伤心的还有证书安全。。 )。 |
@guangwong 不知道有没有给你回复过,AnyProxy现在已经支持SNI了,不用再开这么多端口。 |
@ottomao 好的~ 我这才知道 |
嗨,大家好。 而且我一定在客户端浏览器包括证书或工作的透明? 很多问候 |
@Degreane |
Yes sorry ;) much regards |
AnyProxy is now support SNI, close the issue. |
I don't think that currently SNI is supported.
The text was updated successfully, but these errors were encountered: