Hello, everyone.
I have a super simple (sanitised) relayd.conf:
```
ext_ip = 192.168.1.1
table <t-http> { 127.0.0.1 }
table <t-https> { 127.0.0.1 }
http protocol "p-https" {
    tls session tickets
    tls keypair domain.example
    tls ca file "/etc/ssl/cert.pem"
    http websockets
    tcp { nodelay, sack, socket buffer 65536, backlog 100 }
    return error
    block
    pass request path log "/http*" forward to <t-http>
    pass request path log "/https*" forward to <t-https>
    pass response
}
relay "tlsforward" {
    listen on $ext_ip port 443 tls
    protocol "p-https"
    forward to <t-http> port 81
    forward with tls to <t-https> port 82
}
```
The problem is with the second-to-last line.
If I remove "with tls",
then requests to 82 are forwarded unencrypted, and a curl test reports
`curl: (52) Empty reply from server`.
However, if I keep "with tls", the requests to port 81 are going
encrypted, and are failing with the following message in relayd logs:
`SSL routines:ST_CONNECT:tlsv1 alert protocol version`,
`TLS handshake error: handshake failed:`.
There should not be any TLS handshakes at port 81, because the backend
at port 81 is http-only.
Could someone verify that this is the case?
Is there anything I am missing here?
--
Yours sincerely,
Vladimir Nikishkin (MiEr, lockywolf)
(Laptop)
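An added diagnostic example, not part of the original post: it classifies the first bytes seen on a backend connection as plaintext HTTP or as a TLS record, and decodes a TLS alert such as description 70 (`protocol_version`), the alert named in the log line above. The function names and the sample byte strings are constructed for illustration; `first_reply` can be pointed at the backends on 127.0.0.1 ports 81 and 82.

```python
import socket
import struct

ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of TLS alert descriptions; 70 is protocol_version.
ALERT_NAMES = {40: "handshake_failure", 70: "protocol_version", 80: "internal_error"}
HANDSHAKE_NAMES = {1: "client_hello", 2: "server_hello"}
HTTP_PREFIXES = (b"HTTP/", b"GET ", b"HEAD ", b"POST ", b"PUT ", b"OPTIONS ")

# Constructed samples (not captured from the poster's hosts).
SAMPLE_ALERT = bytes([21, 3, 1, 0, 2, 2, 70])          # alert record: fatal, 70
SAMPLE_CLIENT_HELLO = bytes([22, 3, 1, 0, 4, 1, 0, 0, 0])
SAMPLE_HTTP = b"HTTP/1.1 400 Bad Request\r\n"


def classify(data: bytes) -> str:
    """Say whether the first bytes on a connection are TLS or plaintext HTTP."""
    if data.startswith(HTTP_PREFIXES):
        return "plaintext http"
    if len(data) < 5:
        return "unknown"
    # TLS record header: content type, version major/minor, payload length.
    ctype, major, _minor, length = struct.unpack("!BBBH", data[:5])
    if major != 3 or ctype not in (20, 21, 22, 23):
        return "unknown"
    body = data[5:5 + length]
    if ctype == 21 and len(body) >= 2:
        level = ALERT_LEVELS.get(body[0], str(body[0]))
        name = ALERT_NAMES.get(body[1], str(body[1]))
        return f"tls alert: {level} {name}"
    if ctype == 22 and body:
        return "tls handshake: " + HANDSHAKE_NAMES.get(body[0], str(body[0]))
    return "tls record"


def first_reply(host: str, port: int, hello: bytes, timeout: float = 3.0) -> bytes:
    """Send `hello` to a backend and return the first bytes it answers with."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(hello)
        return s.recv(64)


if __name__ == "__main__":
    for sample in (SAMPLE_ALERT, SAMPLE_CLIENT_HELLO, SAMPLE_HTTP):
        print(classify(sample))
```

For a live check, `classify(first_reply("127.0.0.1", 81, b"GET / HTTP/1.0\r\n\r\n"))` shows what the backend on port 81 answers to a plaintext request.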