Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 26 Mar 2019 11:09:01 -0400
From: Drew DeVault <>
Subject: Re: Supporting git access via smart HTTPS protocol for

On 2019-03-26 11:04 AM, Rich Felker wrote:
> > Also I find you are providing https version of site.
> > thttpd does not supports https. Are you using stunnel for it?
> I'm presently using haproxy's TLS-layer (vs HTTPS-layer) proxying,
> because stunnel suggers from a 2.5-decades-old wrong handling of TCP
> connection closing that makes it unusable, and because haproxy is what
> I knew at the time. I think openssl s_server could handle it too, but
> might not support SNI (?). What I'd really prefer is a non-broken
> stunnel workalike using BearSSL as the backend, since BearSSL is the
> only non-awful TLS implementation. If anyone wants to work on
> something like that I'd be happy to test and eventually dogfood it on
> musl site.

If a working haproxy solution is already in place, why not rig it up for
cloning as well? What's the old phrase - perfect is the enemy of good,
or something like that.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.