I've written a server that accepts a TLS connection, connects to an address based on the TLS connection's server name and ALPN proto, and then copies all data between the two connections. https://github.com/nhooyr/tlsmuxd
The problem that I am having is for the following configuration:
Now say a user connects to my server with their ALPN protos as ["h2", "http/1.1"] and server name as "example2.com". According to the above configuration, a connection to localhost:8084 should be made and then all data between the user and localhost:8084 connections should be copied. The problem is that crypto/tls does not allow for dynamic ALPN. So the "h2" protocol will always be selected and then the user will be disconnected because "example2.com" does not exist for "h2".
So what I'd like is to be able to offer different protocols for different server names instead of having it static. This isn't a severe problem for me because, since I use Go, I'll always be able to serve both "http/1.1" and "h2". However, it feels ugly because, say I have the "ssh" protocol defined (I tunnel SSH through TLS when I need to get around a strict network) for "example.com", then if someone connects with Server Name as "example2.com", even though my server cannot actually serve it SSH, it still advertises it.
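The per-server-name selection requested above can be expressed with `tls.Config.GetConfigForClient`, which crypto/tls provides from Go 1.8 onward. This is an added example, not code from the post or from tlsmuxd; the routing table is constructed (only the example2.com entry for localhost:8084 comes from the post) and the helper names `protosFor`, `perNameConfig` and `advertised` are hypothetical.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Constructed routing table: server name -> ALPN protocol -> backend address.
var routes = map[string]map[string]string{
	"example.com":  {"h2": "localhost:8080", "http/1.1": "localhost:8081", "ssh": "localhost:22"},
	"example2.com": {"http/1.1": "localhost:8084"},
}

// protosFor keeps, in the client's order, only offered protocols routable for this name.
func protosFor(serverName string, offered []string) []string {
	var out []string
	for _, p := range offered {
		if _, ok := routes[serverName][p]; ok {
			out = append(out, p)
		}
	}
	return out
}

// perNameConfig narrows NextProtos per ClientHello; an unroutable hello fails the handshake.
func perNameConfig(base *tls.Config) *tls.Config {
	cfg := base.Clone()
	cfg.GetConfigForClient = func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		c := base.Clone()
		if c.NextProtos = protosFor(h.ServerName, h.SupportedProtos); len(c.NextProtos) == 0 {
			return nil, fmt.Errorf("no backend for %q with ALPN %q", h.ServerName, h.SupportedProtos)
		}
		return c, nil
	}
	return cfg
}

// advertised runs the callback on a constructed ClientHello, without a network handshake.
func advertised(name string, offered []string) ([]string, error) {
	c, err := perNameConfig(&tls.Config{}).GetConfigForClient(&tls.ClientHelloInfo{ServerName: name, SupportedProtos: offered})
	if err != nil {
		return nil, err
	}
	return c.NextProtos, nil
}

func main() {
	fmt.Println(advertised("example2.com", []string{"h2", "http/1.1"}))
	fmt.Println(advertised("example2.com", []string{"ssh"}))
}
```

In a real listener the base config would carry the certificates, and the negotiated protocol read from `ConnectionState().NegotiatedProtocol` after the handshake would pick the backend from the same table.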