Hi, On Mon, Jan 13, 2020 at 10:52:15PM +0100, Nico Schottelius wrote: > Even with the server sending first, this does not look very hard to > me. As a sketch: > > client->proxy [tcp connect] > proxy->client [SSH-2.0-Proxy_1] > client->proxy [SNI] > proxy->endhost [tcp connect] > endhost->proxy [SSH-2.0-OpenSSH_8.1] > proxy->endhost [SNI] > > From this state on the proxy can forward all traffic from both sides. Sure. But if you do it that way, the client loses information on which server implementation it is talking to - and given the number of bugs and caveats that are worked around in the client based on the "SSH-2.0-$product" message, I see this as non-optimal way forward. > > (and back to square one, might take longer to roll out upgraded clients > > than to roll out v6 to those clients). > > That's quite an interesting challenge. I'd love you being right here. IPv6 is, at least here in DE, nicely happening in many access networks (cable, DSL, mobile - vodafone.DE started supporting it recently!). Where IPv6 is quite lacking is "content", so I applaud your efforts :-) gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany gert@xxxxxxxxxxxxxx _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev