[sslh] SNI hostname based probe

moparisthebest admin at moparisthebest.com
Mon Jul 13 19:31:06 CEST 2015


Hello all,

I posted this as a github pull request here:
https://github.com/yrutschle/sslh/pull/55
But I figured I should also send the patch to the mailing list for
discussion/review as it appears more active.

This adds the functionality I requested here:
https://github.com/yrutschle/sslh/issues/53

I see this was brought up on the mailing list a few months ago, with a
resolution to use sslh to proxy to
[sniproxy](https://github.com/dlundquist/sniproxy), but sniproxy doesn't
have all the features of sslh such as transparent proxying and such, so
why not include it? :)

This new probe, like the regex one, only works with a configuration file
because it needs the list of hostnames to match on.  Technically to be
useful it needs to come BEFORE the TLS probe because anything this
matches on must be TLS first.

tls.c and tls.h are used to parse TLS extensions to find the SNI name. I
took these from the sniproxy project and modified them. I *believe* the
licenses are compatible, but IANAL. Here are links to the original files:
https://github.com/dlundquist/sniproxy/blob/master/src/tls.c
https://github.com/dlundquist/sniproxy/blob/master/src/tls.h

Let me know if I can do anything else to get this merged!  Thanks much
for sslh!

Thanks,
moparisthebest
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-SNI-hostname-based-probe.patch
Type: text/x-patch
Size: 15558 bytes
Desc: not available
URL: <http://rutschle.net/pipermail/sslh/attachments/20150713/c6787fda/attachment.bin>
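
The message above describes parsing the TLS extensions of a ClientHello to find the SNI name and comparing it to configured hostnames. The C below is an added illustration of that parsing, not code from the attached patch, sslh or sniproxy; every length field is checked against the bytes actually received, since a probe runs on data from an unauthenticated peer. Assumptions: the names `take`, `sni_extract`, `sni_is` and `SAMPLE_HELLO` are invented for this example, the whole ClientHello is expected in one TLS record, and any name_type other than host_name is rejected.

```c
#include <stdint.h>
#include <string.h>
#include <strings.h>

struct cur { const uint8_t *p; size_t n; };   /* cursor over untrusted bytes */
/* Read a w-byte big-endian length, then carve that many bytes into *out. */
static int take(struct cur *c, size_t w, struct cur *out) {
    size_t len = 0, i;
    if (w > c->n) return -1;
    for (i = 0; i < w; i++) len = (len << 8) | c->p[i];
    if (len > c->n - w) return -1;            /* declared length overruns the data */
    out->p = c->p + w; out->n = len;
    c->p += w + len; c->n -= w + len;
    return 0;
}

/* Returns SNI length (name copied to out), 0 if no SNI, -1 if malformed or incomplete. */
int sni_extract(const uint8_t *buf, size_t len, char *out, size_t outsz) {
    if (len < 3 || buf[0] != 0x16 || buf[1] != 0x03) return -1;  /* handshake record */
    struct cur c = { buf + 3, len - 3 }, rec, hs, v, exts, ext, list, name;
    if (take(&c, 2, &rec) || rec.n < 1 || rec.p[0] != 0x01) return -1;
    rec.p++; rec.n--;                         /* handshake type 1 = ClientHello */
    if (take(&rec, 3, &hs) || hs.n < 34) return -1;
    hs.p += 34; hs.n -= 34;                   /* client_version + random */
    if (take(&hs, 1, &v) || take(&hs, 2, &v) || take(&hs, 1, &v)) return -1;
    if (hs.n == 0) return 0;                  /* hello without extensions */
    if (take(&hs, 2, &exts)) return -1;
    while (exts.n >= 2) {
        unsigned type = ((unsigned)exts.p[0] << 8) | exts.p[1];
        exts.p += 2; exts.n -= 2;
        if (take(&exts, 2, &ext)) return -1;
        if (type != 0) continue;              /* extension 0 = server_name */
        if (take(&ext, 2, &list) || list.n < 1 || list.p[0] != 0) return -1;
        list.p++; list.n--;                   /* name_type 0 = host_name */
        if (take(&list, 2, &name) || !name.n || name.n >= outsz) return -1;
        if (memchr(name.p, 0, name.n)) return -1;  /* NUL would cut the compare short */
        memcpy(out, name.p, name.n); out[name.n] = '\0';
        return (int)name.n;
    }
    return exts.n ? -1 : 0;
}

/* Probe decision: 1 only if the hello parses and names `host` (case-insensitive). */
int sni_is(const uint8_t *buf, size_t len, const char *host) {
    char name[256];
    return sni_extract(buf, len, name, sizeof name) > 0 && strcasecmp(name, host) == 0;
}
static const uint8_t SAMPLE_HELLO[72] = {     /* constructed sample, SNI "example.org" */
    0x16,0x03,0x01,0x00,0x43, 0x01,0x00,0x00,0x3f, 0x03,0x03, [44] = 0x00,0x02, 0x00,0x2f, 0x01,0x00,
    0x00,0x14, 0x00,0x00,0x00,0x10, 0x00,0x0e, 0x00,0x00,0x0b, 'e','x','a','m','p','l','e','.','o','r','g' };
```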

