AltostratusHi, I'm getting very frustrated trying to write rules using this and other commands in the SSL namespace. The 'Valid Events' sections for most commands on the wiki are either empty of just plain wrong.
-Is there an alternative listing somewhere?
-Anyone know what the valid events are for this command? So far I've only got it to work in CLIENT_ACCEPTED.
Many thanks in advance.
Cirrus
Cirrostratus
EmployeeThe rule of thumb is any event that makes sense in the protocol ordering and context. So let's say that SSL is at OSI layer 6 (or 5 depending on which reference you read). In the client side context, therefore, the SSL::profile command will work in any event after layer 4 and before layer 7, which is pretty much just CLIENT_ACCEPTED and CLIENT_DATA. Using it in HTTP_REQUEST is too late. The same goes for the server side context. The proxy will establish a TCP layer 4 session with the server, negotiate SSL, and then pass the layer 7 traffic, so you need to use SSL::profile in the server side context after layer 4 and before layer 7, which is safely the SERVER_CONNECTED event, but can be used elsewhere.
CirrostratusThanks Kevin, makes sense although I can't get it to 'take' using CLIENT_DATA but no worries; I'm changing my design. Cheers