Forum Discussion
Kevin_Stewart
Nov 07, 2013Employee
The rule of thumb is any event that makes sense in the protocol ordering and context. So let's say that SSL is at OSI layer 6 (or 5 depending on which reference you read). In the client side context, therefore, the SSL::profile command will work in any event after layer 4 and before layer 7, which is pretty much just CLIENT_ACCEPTED and CLIENT_DATA. Using it in HTTP_REQUEST is too late. The same goes for the server side context. The proxy will establish a TCP layer 4 session with the server, negotiate SSL, and then pass the layer 7 traffic, so you need to use SSL::profile in the server side context after layer 4 and before layer 7, which is safely the SERVER_CONNECTED event, but can be used elsewhere.