Reverse proxy: do Client TLS before Server TLS #6282
Answered
by
mhils
oliverrahner
asked this question in
Q&A
Replies: 1 comment 2 replies
-
|
Have you tried setting connection_strategy to lazy? :)
…On Thu, Jul 27, 2023, 16:23 Oliver Rahner ***@***.***> wrote:
Hi,
I want to select the client certificate for the server connection based on
the client certificate of the client connection.
I did already manage to retrieve information about the client certificate,
but because the default layer stack for reverse proxy mode does server TLS
first, I don't have this information available yet...
I tried fiddling around with the next_layer hook, but it is only called
after the ServerTLSLayer has already been processed (tls_start_server is
called before next_layer).
So is what I want to do even feasible or are there dependencies I didn't
see that would prevent this from working?
Any hints on how to do what I'm looking for?
—
Reply to this email directly, view it on GitHub
<#6282>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAHY2PTS7SM63GYQM7MV743XSJ2WTANCNFSM6AAAAAA22FLJFY>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
2 replies
-
|
🤦♂️ |
Beta Was this translation helpful? Give feedback.
-
|
That was way too easy :) |
Beta Was this translation helpful? Give feedback.
Answer selected by
oliverrahner
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I want to select the client certificate for the server connection based on the client certificate of the client connection.
I did already manage to retrieve information about the client certificate of the client connection, but because the default layer stack for reverse proxy mode does server TLS first, I don't have this information available at the time of server TLS initialization...
I tried fiddling around with the
next_layerhook, but it is only called after theServerTLSLayerhas already been processed (tls_start_serveris called beforenext_layer).So is what I want to do even feasible or are there dependencies I didn't see that would prevent this from working?
Any hints on how to do what I'm looking for?
Beta Was this translation helpful? Give feedback.
All reactions