crypto/tls: provide a way to dynamically handle client hellos #15699
Comments
Erlang's ssl module has a similar facility: sni_fun in server-side ssl options, though it's only called when SNI is used. A callback that's used regardless of SNI (as GetCertificate is now) would be more generally useful.
To @agl for thoughts. (Not necessarily for implementation)
@agl this is something I'd really like to help implement or at least see for 1.8. Any input on this and/or #15707? I'm roughly thinking of something like
It's on my desiderata list for 1.8.
See #16066 for a related issue and my comment #16066 (comment) for one idea.
CL https://golang.org/cl/30790 mentions this issue.
GetConfigForClient allows the tls.Config to be updated on a per-client basis.

Fixes golang#16066.
Fixes golang#15707.
Fixes golang#15699.

Change-Id: I2c675a443d557f969441226729f98502b38901ea
Reviewed-on: https://go-review.googlesource.com/30790
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
I'd like to control whether or not to offer the "h2" protocol during TLS handshake based on the client's requested server name. Currently there's no way to do this with crypto/tls.
Would an optional callback similar to GetCertificate be useful for this and other similar cases?
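
An added example (not code from this issue or from the Go project) of the per-server-name "h2" control requested above, using the GetConfigForClient callback named in the commit that closed this issue. The helper name perHostALPN and the host names are hypothetical, and the base config is assumed to carry the server's certificates.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// perHostALPN (hypothetical helper) returns a server config whose
// GetConfigForClient callback advertises "h2" only to clients whose SNI is in
// h2Hosts. base must already carry certificates, MinVersion and so on, because
// the config returned by the callback replaces it for that connection.
func perHostALPN(base *tls.Config, h2Hosts []string) *tls.Config {
	allow := make(map[string]bool, len(h2Hosts))
	for _, h := range h2Hosts {
		allow[strings.ToLower(h)] = true
	}
	// Build both variants once; they are shared across handshakes and must
	// not be mutated afterwards.
	withH2 := base.Clone()
	withH2.NextProtos = []string{"h2", "http/1.1"}
	plain := base.Clone()
	plain.NextProtos = []string{"http/1.1"}

	outer := plain.Clone()
	outer.GetConfigForClient = func(hello *tls.ClientHelloInfo) (*tls.Config, error) {
		// ServerName is unauthenticated client input: use it only as a
		// lookup key, and fall back to the conservative config when it is
		// empty (no SNI sent) or unknown.
		if allow[strings.ToLower(hello.ServerName)] {
			return withH2, nil
		}
		return plain, nil
	}
	return outer
}

func main() {
	// Constructed sample names; a real base config also needs Certificates.
	cfg := perHostALPN(&tls.Config{MinVersion: tls.VersionTLS12}, []string{"h2.example.test"})
	for _, sni := range []string{"h2.example.test", "legacy.example.test", ""} {
		c, _ := cfg.GetConfigForClient(&tls.ClientHelloInfo{ServerName: sni})
		fmt.Printf("%q -> %v\n", sni, c.NextProtos)
	}
}
```

Because the callback runs whether or not the client sent SNI, the empty-name case is handled explicitly and gets the HTTP/1.1-only config.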