[sslh] SSL host headers is this possible?

Rouge rouge.b at gmail.com
Tue Oct 30 09:45:59 CET 2012


I would suggest redirecting the SSL traffic to a reverse proxy (like
"pound", easy to configure).
Those proxies can hold the SSL connection and redirect virtual hosts to
many HTTP servers (not HTTPS).



2012/10/30 Yves Rutschle <yves at naryves.com>

> On Mon, Oct 29, 2012 at 10:29:53AM +0000, Ercolino de spiacico wrote:
> > I'm trying to figure out if sslh can do forwarding of https sites based
> > on hostnames.
> > What I would like to do is:
> > One single WAN 443 port on the router forwarding to 3 different LAN IP
> > based on host headers.
>
> If you're talking about the HTTP hostname, found e.g. in the
> "GET" or "POST" command, then it's not possible as that
> command is ciphered and can only be deciphered after
> associating it with a hostname... Can't be done, by sslh or
> by Apache in fact.
>
> Which is why TLS was extended with Server Name
> Identification (RFC6066, 3. SNI). It involves browser
> support, and might work with sslh by using the regular
> expression probe to find the ServerName record.
>
> An alternative is to put stunnel as a front to decipher
> SSL, then sslh with regex probes on the HTTP command to
> dispatch the connection. Which is an interesting,
> un-intended use of sslh :) .
>
> Y.