How not to design a wire protocol
Hal Murray
hmurray at megapathdsl.net
Tue Mar 5 22:05:34 UTC 2019
dfoxfranke at gmail.com said:
[using ALPN]
> I've never tried it myself, but I think Nginx can handle this. Use
> ngx_stream_ssl_preread_module to check ALPN, then based on what's there
> either terminate TLS locally or forward traffic at the TCP layer to some
> other port on ::1. AFAIK Apache users are SOL though.
I don't have a man page for ngx_stream_ssl_preread_module
It feels to me like actually using ALPN across non closely cooperating users
isn't ready for prime time yet. That means we need our own port assignment.
123 makes sense. We might actually use ALPN to multiplex between NTS-KE and a
Mode 6 replacement.
--
These are my opinions. I hate spam.
More information about the devel
mailing list