On 12/01/2012 11:20 AM, Henrik Nordström wrote:
> Fri 2012-11-30 at 23:07 -0700, Alex Rousskov wrote:
>> Does the !flags.canRePin exception address your concern?
> Yes, if used where needed (TPROXY, NTLM).

By default, the canRePin flag is not set and pinned connections are
reused, even for unretriable requests. Thus, bare TPROXY and NTLM code
should be fine without any special/additional changes.

However, a combination of TPROXY and SslBump will see the canRePin flag
set (by the SslBump code). We have not heard complaints that the combo
does not work even though recent SslBump code reopened and repinned
closed server-side connections. Perhaps those bug reports are yet to
come. Why can't TPROXY reopen a server-side connection?

Thank you,
Alex.

P.S. Even if we do not handle TPROXY+SslBump combo correctly today, the
required fix will be outside the proposed patch. The patch is still
needed to handle cases where pinned connections can be reopened and
repinned.

Received on Sat Dec 01 2012 - 18:42:46 MST