On 13/04/2017 7:13 a.m., Maik Linnemann wrote: > I figured out that nginx is able to do what i want, at least SNI and > multiple certs. I am forced to try that in the meantime. Also i will > check varnish. Is there any realistic date when SNI is available in > reverse proxy with squid? Is there anyone coding at all for that > feature? > I've been working on it as part of the GnuTLS support in Squid-4. https_port can now be configured with multiple cert= key= parameter pairs. But loading any past the first pair with OpenSSL builds is still missing. I _think_ all that is left now (for OpenSSL builds) is to alter that logic loading cert= files into the server context. But I have not investigated those details closely yet. My focus in the 'free' work is getting GnuTLS working for Debian/Ubuntu and refactoring for more easy porting to other backend libraries in future (Fedora, RHEL and Apple want other libraries). I intend for SNI to be usable out of the box with GnuTLS builds. Someone may do OpenSSL changes to match by the time it goes public - I cannot test it so that depends on others. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
