envoyproxy / envoy

Cloud-native high-performance edge/middle/service proxy
https://www.envoyproxy.io
Apache License 2.0

Passive TLS inspector #34396

Closed howardjohn closed 3 days ago

howardjohn commented 1 month ago

Title: Passive TLS inspector

Description: Envoy currently provides a tls_inspector. This is handy for many use cases.

One use case it is not great for is proxying arbitrary traffic, and logging TLS attributes (generally, the SNI). Use of the inspector causes blocking until enough data is read, which will never happen for server-first protocols like mysql.

Instead, I would like a 'passive' inspector. Data will flow through as normal, but if it is found to be TLS, some state is stored. Eventually, I would expect to be able to log the SNI on connection termination using the standard access logger.
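A sketch of the passive behaviour described above, as an added example that is not Envoy's code: client-to-server bytes are forwarded untouched while a parser tries to recognise a ClientHello and record its SNI, so a server-first protocol like MySQL, where the client sends nothing, simply leaves the state undecided and nothing blocks. The `NEED_MORE` sentinel, the `PassiveTlsInspector` class and the constructed ClientHello builder are assumptions of this example, not anything from the issue or the tls_inspector filter.

```python
import struct

NEED_MORE = object()   # verdict: consistent with a TLS handshake so far, keep watching

def extract_sni(buf: bytes):
    """SNI of a complete ClientHello; None if not a TLS handshake; NEED_MORE if short."""
    if len(buf) < 9:   # not yet a full record header plus handshake type
        ok = buf[:1] in (b"", b"\x16") and buf[1:2] in (b"", b"\x03") and buf[5:6] in (b"", b"\x01")
        return NEED_MORE if ok else None
    if buf[0] != 0x16 or buf[1] != 0x03 or buf[5] != 0x01:
        return None
    rec_len = int.from_bytes(buf[3:5], "big")
    if len(buf) < 5 + rec_len:
        return NEED_MORE
    hs = buf[5:5 + rec_len]   # one record; a ClientHello split across records is not handled
    try:
        pos = 4 + 2 + 32                                   # handshake hdr, client_version, random
        pos += 1 + hs[pos]                                 # session_id
        pos += 2 + int.from_bytes(hs[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + hs[pos]                                 # compression_methods
        ext_end = pos + 2 + int.from_bytes(hs[pos:pos + 2], "big")
        pos += 2                                           # skip extensions_length
        while pos + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
            if etype == 0:  # server_name: list_len(2) name_type(1) name_len(2) name
                name_len = int.from_bytes(hs[pos + 7:pos + 9], "big")
                return hs[pos + 9:pos + 9 + name_len].decode("ascii")
            pos += 4 + elen
    except (IndexError, struct.error, UnicodeDecodeError):
        return None   # malformed: record no SNI rather than fail the connection
    return None       # well-formed ClientHello without an SNI extension

class PassiveTlsInspector:
    def __init__(self):
        self._buf, self.sni, self.done = b"", None, False
    def observe(self, data: bytes) -> bytes:
        if not self.done:   # only client->server bytes are fed here; server-first protocols never arrive
            self._buf += data
            verdict = extract_sni(self._buf)
            if verdict is not NEED_MORE or len(self._buf) > 16389:  # decided, or gave up (max record)
                self.sni = None if verdict is NEED_MORE else verdict
                self.done, self._buf = True, b""
        return data   # always forwarded unchanged, whatever the verdict

def build_client_hello(sni: str) -> bytes:
    """Constructed TLS 1.2 ClientHello carrying only an SNI extension (sample input)."""
    name = sni.encode("ascii")
    ext = struct.pack("!HH", 0, len(name) + 5) + struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    hello = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00" + struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

The recorded `sni` is what an access logger would emit at connection close; a connection on which the client never spoke, or spoke plaintext, logs nothing for that field instead of stalling.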

hobbytp commented 1 month ago

@howardjohn can I understand that it will also benefit StartTLS handling?

howardjohn commented 1 month ago

I don't know much about StartTLS, but I think that is unrelated and already supported by Envoy.

github-actions[bot] commented 1 week ago

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

github-actions[bot] commented 3 days ago

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.

howardjohn commented 2 days ago

Can we reopen this?