droe / sslsplit

Transparent SSL/TLS interception
https://www.roe.ch/SSLsplit
BSD 2-Clause "Simplified" License

[Feature Request] Hybrid SNI + TCP #250

Closed: pyhd closed 4 years ago

pyhd commented 5 years ago

As a transparent proxy when tproxying all TCP:

  1. If any SSL/TLS handshake with SNI is detected, SNI mode would be automatically activated, and also for following TCP connections with the same session IDs. This is not only for HTTPS/443, but also for non-443 traffic with SSL/TLS+SNI.
  2. HTTP/80 should also be judged by "host-name" headers, perhaps as an optional feature.
  3. Otherwise, non-SNI and non-HTTP traffic must be forwarded as plain TCP connections.

With SNI and HTTP covered, most of today's traffic will be re-routed in the gateway.
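The three-way decision requested above (TLS with SNI, then HTTP Host header, else plain TCP), sketched as an added example that is not part of the original post and is not sslsplit code. All function names are hypothetical, the sample ClientHello is constructed, and the sketch assumes the whole ClientHello or request head is in the first bytes peeked from the connection; session-ID tracking across connections is not covered.

```python
import struct
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def u16(buf, pos):
    return int.from_bytes(buf[pos:pos + 2], "big")

def parse_sni(data):
    """Return the host_name from a TLS ClientHello's SNI extension, else None."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:   # handshake record, ClientHello
            return None
        pos = 5 + 4 + 2 + 32                     # record hdr, handshake hdr, version, random
        pos += 1 + data[pos]                     # session_id
        pos += 2 + u16(data, pos)                # cipher_suites
        pos += 1 + data[pos]                     # compression_methods
        end = min(pos + 2 + u16(data, pos), len(data))
        pos += 2
        while pos + 4 <= end:                    # walk the extensions
            etype, elen = u16(data, pos), u16(data, pos + 2)
            body = data[pos + 4:pos + 4 + elen]
            if etype == 0 and len(body) >= 5 and body[2] == 0:   # server_name / host_name
                return body[5:5 + u16(body, 3)].decode("ascii") or None
            pos += 4 + elen
    except (IndexError, UnicodeDecodeError):     # truncated or malformed: not usable
        pass
    return None

def parse_http_host(data):
    """Return the Host header value of a plaintext HTTP request, else None."""
    if not data.startswith(HTTP_METHODS):
        return None
    for line in data.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]:
        key, _, value = line.partition(b":")
        if key.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace") or None
    return None

def classify(first_bytes):
    # Decision order from the request: TLS+SNI, then HTTP Host, else plain TCP.
    sni = parse_sni(first_bytes)
    host = None if sni else parse_http_host(first_bytes)
    return ("tls-sni", sni) if sni else ("http", host) if host else ("tcp", None)

def build_client_hello(host):  # constructed sample input: ClientHello with SNI only
    name = host.encode()
    sni = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(sni)) + sni
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

A ClientHello that is truncated or split across TCP segments falls through to plain TCP here, so a real gateway would need to buffer until the record length in the header is satisfied before deciding.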

pyhd commented 5 years ago

Never mind. HAProxy+Nginx can handle my case.